PT-2021-3413 · Cleantalk · Cleantalk Wordpress Plugin

Ramuel Gall · Published 2021-05-17 · Updated 2025-09-24 · CVE-2021-24295

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin versions prior to 5.153.4

Description

The issue is in the update_log function of the lib/Cleantalk/ApbctWP/Firewall/SFW.php module, which does not properly protect the SQL query structure. This allows a remote attacker to execute arbitrary SQL queries by exploiting an unauthenticated time-based blind SQL injection vulnerability. The vulnerability can be exploited by manipulating the cookies set by the plugin, specifically by obtaining a ct_sfw_pass_key cookie and then manually setting a separate ct_sfw_passed cookie and disallowing it from being reset. The attack can be initiated by sending an initial request to the /api endpoint, although the specific endpoint is not explicitly mentioned, and then using the User-Agent header to inject into the vulnerable query.

Recommendations

For versions prior to 5.153.4, update to version 5.153.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the update_log function in the lib/Cleantalk/ApbctWP/Firewall/SFW.php module until a patch is available. Avoid using the User-Agent header to inject queries into the vulnerable module until the issue is resolved. Restrict access to the ct_sfw_pass_key and ct_sfw_passed cookies to minimize the risk of exploitation.
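
A log-triage sketch for the pattern described above, added here as an example and not taken from the advisory or the plugin: it flags requests whose User-Agent carries time-delay SQL functions and rates them higher when the ct_sfw_passed cookie is also present. The log layout (combined format with the Cookie header appended as a last field), the severity labels and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed layout: combined log format with the Cookie header appended as a
# final quoted field (a custom format; cookies are not logged by default).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)" "(?P<cookie>[^"]*)"$'
)
# Delay primitives used by time-based blind SQL injection.
DELAY = re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I)
# SQL syntax that a browser User-Agent has no reason to contain.
SQL_META = re.compile(r"'|--|/\*|\bunion\b|\bselect\b", re.I)

def cookie_names(header):
    """Return the set of cookie names in a Cookie header value."""
    return {p.split("=", 1)[0].strip() for p in header.split(";") if "=" in p}

def triage(lines):
    """Return (ip, severity, reason) tuples for requests worth reviewing."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # line does not follow the assumed layout
        ua = m["ua"]
        # The cookie alone is normal for visitors; it matters only with a bad UA.
        has_cookie = "ct_sfw_passed" in cookie_names(m["cookie"])
        if DELAY.search(ua):
            sev = "high" if has_cookie else "medium"
            hits.append((m["ip"], sev, "time-delay SQL function in User-Agent"))
        elif has_cookie and SQL_META.search(ua):
            hits.append((m["ip"], "medium", "SQL syntax in User-Agent"))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [17/May/2021:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64) Firefox/88.0" "ct_sfw_pass_key=abc; ct_sfw_passed=1"',
    '203.0.113.9 - - [17/May/2021:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"probe\' or sleep(5) -- " "ct_sfw_passed=1"',
    '203.0.113.9 - - [17/May/2021:10:00:11 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"curl/7.68.0" "-"',
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```

Hits are leads for review on sites that ran a version prior to 5.153.4; an ordinary visitor carrying the ct_sfw_passed cookie with a normal User-Agent is not flagged.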

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2021-03265
CVE-2021-24295

Affected Products

Cleantalk Wordpress Plugin