CVE-2023-5239

Name of the Vulnerable Software and Affected Versions CleanTalk WordPress plugin versions prior to 2.121

Description The issue allows an attacker to manipulate the client IP address retrieved by the Security & Malware scan, potentially bypassing bruteforce protection. This is due to the plugin retrieving client IP addresses from potentially untrusted headers.

Recommendations For versions prior to 2.121, update to version 2.121 or later to resolve the issue. As a temporary workaround, consider restricting access to the Security & Malware scan feature until the update is applied.