
Nearly 50% of the more than 200,000 WordPress sites running the "Spam protection, Anti-Spam, FireWall by CleanTalk" plugin were found to remain affected by a pair of critical authorization bypass vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, which could be leveraged to facilitate arbitrary plugin activation and remote code execution attacks, SecurityWeek reports.
The more severe of the two is CVE-2024-10542, which allows the authorization check on the plugin's remote call and plugin installation function to be bypassed, according to a report from Defiant. “The attacker can then perform any of the actions behind this intended authorization check, such as plugin installation, activation, deactivation or uninstallation,” said Defiant.

CleanTalk addressed that issue earlier this month, but the released fix was found to be affected by CVE-2024-10781, which enables attacker authorization through a token with the same empty hash value, Defiant added. Organizations with WordPress sites using the CleanTalk plugin have been urged to immediately apply the version 6.45 update.
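
The failure mode Defiant describes for CVE-2024-10781, shown as an added example that is not CleanTalk's code: a token check that hashes an unset API key accepts the hash of an empty string, while the hardened form fails closed when no key is configured. The function names, the choice of SHA-256 and the sample key are assumptions made for illustration; the page does not name the hash function or where the key is stored.

```php
<?php
// Hypothetical remote-call token check; NOT the CleanTalk plugin's code.
// Assumption: the expected token is a SHA-256 hash of the site's API key.

/** Weak form: hashes whatever key is stored, including an empty one. */
function token_ok_weak(string $token, ?string $apiKey): bool
{
    // With no key configured this compares against hash(''), a constant
    // that is the same on every unconfigured site.
    return $token === hash('sha256', (string) $apiKey);
}

/** Hardened form: fail closed without a key, compare in constant time. */
function token_ok_hardened(string $token, ?string $apiKey): bool
{
    if ($apiKey === null || trim($apiKey) === '') {
        return false; // unconfigured site: remote calls are refused outright
    }
    return hash_equals(hash('sha256', $apiKey), $token);
}

// Constructed inputs: a site with a key set, and sites where it never was.
$configuredKey = 'constructed-example-key';
$emptyKeyToken = hash('sha256', '');
$cases = [
    ['valid token, key set',        hash('sha256', $configuredKey), $configuredKey],
    ['empty-hash token, key set',   $emptyKeyToken,                 $configuredKey],
    ['empty-hash token, key unset', $emptyKeyToken,                 ''],
    ['empty-hash token, key null',  $emptyKeyToken,                 null],
];

foreach ($cases as [$label, $token, $key]) {
    printf(
        "%-28s weak=%-5s hardened=%s\n",
        $label,
        var_export(token_ok_weak($token, $key), true),
        var_export(token_ok_hardened($token, $key), true)
    );
}
```

The two checks agree whenever a key is set; they differ only on the unset and null rows, which is the condition to look for when reviewing similar token checks.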