Critical Vulnerabilities Discovered in Popular Anti-Spam Plugin for WordPress ️

🔍 Two major vulnerabilities have been found in the widely used Anti-Spam by CleanTalk plugin, which is active on more than 200,000 WordPress websites. These flaws could allow attackers to execute arbitrary code remotely, putting countless websites at risk.

Here’s a breakdown of what happened and how you can protect your website.

🔑 CVE-2024–10542 and CVE-2024–10781

Both vulnerabilities have a CVSS score of 9.8 (critical).They allow unauthenticated attackers to install and activate plugins, including malicious ones, enabling Remote Code Execution (RCE).

💡 Details:

CVE-2024–10542:CVE-2024–10781:October 2024: Vulnerabilities discovered.November 1, 2024: Version 6.44 released to patch CVE-2024–10542.November 14, 2024: Version 6.45 was released to fix CVE-2024–10781.

❗ However, as of November 26, nearly 50% of installations remain unpatched, leaving thousands of websites vulnerable.

If you use the “Spam protection, Anti-Spam, FireWall by CleanTalk” plugin:

Update immediately to version 6.45 or later. 🚀Verify that your API key is configured properly in the plugin settings. 🛠️Regularly check for updates to avoid future vulnerabilities. 🔄

WordPress plugins are a common target for attackers. Protect your site by:

Implementing regular penetration testing to identify vulnerabilities.Keeping plugins, themes, and core files up to date.Monitoring for suspicious activity in your website logs. 📈Leveraging security plugins for additional protection.

🔒 At Wire Tor Pentest Services, we specialize in safeguarding your digital assets with comprehensive penetration testing solutions. From web applications to plugins, our experts ensure your WordPress site remains resilient against the latest cyber threats.

👉 Follow us at Wire Tor and secure your website today!

🛑 Don’t wait until it’s too late! Protect your website, your data, and your users by staying ahead of threats like these.