CVE-2024-10570

Name of the Vulnerable Software and Affected Versions Security & Malware scan by CleanTalk plugin for WordPress versions up to, and including, 2.145

Description The issue is related to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function, as well as insufficient input sanitization and validation. This allows unauthenticated attackers to append additional SQL queries into existing queries, potentially extracting sensitive information from the database.

Recommendations For versions up to, and including, 2.145, update to a version that addresses the authorization bypass and input sanitization issues. As a temporary workaround, consider restricting access to the checkWithoutToken function until a patch is available. Avoid using the plugin until the issue is resolved, to minimize the risk of exploitation.