PT-2024-8882 · Cleantalk · Cleantalk

Michael Mazzolini (+1)

Published: 2024-10-23 · Updated: 2025-07-12 · CVE-2024-10542

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: CleanTalk versions up to and including 6.43.2
Description: The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is susceptible to unauthorized Arbitrary Plugin Installation due to an authorization bypass. This bypass is achieved through reverse DNS spoofing within the checkWithoutToken() function. Successful exploitation allows unauthenticated attackers to install and activate arbitrary plugins, potentially leading to remote code execution if another vulnerable plugin is already installed and active.
Recommendations: Update CleanTalk to version 6.43.3.
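The advisory says only that checkWithoutToken() could be bypassed by reverse DNS spoofing, which is the classic failure of trusting a PTR record: the owner of an IP block can make its reverse name say anything, while only the owner of the trusted zone controls the forward (A) records. The example below is added here and is not the plugin's code; it assumes a check that trusted the PTR name of the calling IP and places a forward-confirmed reverse DNS (FCrDNS) check beside it. Hostnames, IPs and resolver data are constructed and injected as dicts so the code runs offline.

```python
"""Bare PTR trust versus forward-confirmed reverse DNS (FCrDNS).

Added illustration for the CleanTalk advisory; not the plugin's own code.
The plugin's exact logic is assumed: a check that trusts the PTR (reverse)
name of the caller's IP, and a hardened check that also requires the forward
lookup of that name to contain the caller's IP.
"""
from ipaddress import ip_address
from typing import List, Optional

# Constructed sample data. The zone name is a placeholder, not the vendor's
# real hostname.
TRUSTED_SUFFIXES = (".servers.example-antispam.invalid",)

# PTR records are controlled by whoever holds the IP block. 203.0.113.5 is a
# constructed attacker-held address whose PTR has been set to a trusted-looking
# name; nobody but the zone owner can make the forward lookup agree.
PTR_RECORDS = {
    "198.51.100.10": "node1.servers.example-antispam.invalid",
    "203.0.113.5": "node9.servers.example-antispam.invalid",
}

# Forward (A) records are controlled only by the trusted zone's owner.
A_RECORDS = {
    "node1.servers.example-antispam.invalid": ["198.51.100.10"],
    # node9 does not exist in the legitimate zone, so it has no A record.
}


def ptr_lookup(ip: str) -> Optional[str]:
    """Stand-in for a reverse lookup (gethostbyaddr / PTR query)."""
    return PTR_RECORDS.get(ip)


def forward_lookup(hostname: str) -> List[str]:
    """Stand-in for a forward lookup (gethostbyname / A query)."""
    return A_RECORDS.get(hostname, [])


def _has_trusted_suffix(hostname: str) -> bool:
    host = hostname.rstrip(".").lower()
    return any(host.endswith(suffix) for suffix in TRUSTED_SUFFIXES)


def trusted_by_ptr_only(ip: str, ptr=ptr_lookup) -> bool:
    """Weak check: accepts whatever name the caller's PTR record claims."""
    name = ptr(ip)
    return name is not None and _has_trusted_suffix(name)


def trusted_by_fcrdns(ip: str, ptr=ptr_lookup, forward=forward_lookup) -> bool:
    """Hardened check: the PTR name must have the trusted suffix AND resolve
    back to the caller's IP. A spoofed PTR fails the second step."""
    addr = ip_address(ip)
    name = ptr(ip)
    if name is None or not _has_trusted_suffix(name):
        return False
    return any(ip_address(a) == addr for a in forward(name))


if __name__ == "__main__":
    for caller in ("198.51.100.10", "203.0.113.5", "192.0.2.1"):
        print(caller, "ptr-only:", trusted_by_ptr_only(caller),
              "fcrdns:", trusted_by_fcrdns(caller))
```

Even the FCrDNS form only establishes which network a request came from; it should gate nothing more than a fallback path. A request that triggers plugin installation belongs behind the token (shared secret or signed request) that the function's name implies exists, with the DNS check at most as an additional condition, never as the sole authorization.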

Fix

RCE

Missing Authorization

Weakness Enumeration

Related Identifiers

BDU:2024-10549
CVE-2024-10542

Affected Products

Cleantalk