cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10542,https://securityvulnerability.io/vulnerability/CVE-2024-10542,Unauthorized Plugin Installation Vulnerability in CleanTalk for WordPress,"The CleanTalk Spam protection, Anti-Spam, and FireWall plugin for WordPress presents a vulnerability that allows unauthorized individuals to exploit an authorization bypass through reverse DNS spoofing. This issue affects all versions of the plugin up to and including 6.43.2. Attackers without authentication can install and activate arbitrary plugins, which could lead to remote code execution, especially if a vulnerable plugin is subsequently activated. Website owners utilizing this plugin should prioritize reviewing their security measures to mitigate potential risks.",Wordpress,"Spam Protection, Anti-spam, Firewall By Cleantalk",9.8,CRITICAL,0.00044999999227002263,false,,false,false,true,true,false,false,2024-11-26T05:33:01.407Z,0
CVE-2024-10781,https://securityvulnerability.io/vulnerability/CVE-2024-10781,Arbitrary Plugin Installation Vulnerability in CleanTalk WordPress Plugin,"The CleanTalk Spam Protection plugin for WordPress, specifically versions up to and including 6.44, has a critical vulnerability that allows unauthorized users to perform arbitrary plugin installations. This flaw arises from a missing empty value check for the 'api_key' parameter in the 'perform' function. As a result, unauthenticated attackers can exploit this oversight to install and activate any arbitrary plugin. If another vulnerable plugin is already in use, this security hole could lead to remote code execution, jeopardizing the integrity and security of the affected WordPress sites.",Wordpress,"Spam Protection, Anti-spam, Firewall By Cleantalk",8.1,HIGH,0.00044999999227002263,false,,true,false,true,,false,false,2024-11-26T05:33:00.910Z,0