CleanTalk Plugin Vulnerabilities Put Over 200,000 WordPress Websites at Risk of Attack

Information:
The Spam Protection, Anti-Spam, FireWall plugin by CleanTalk is a comprehensive and effective solution for spam prevention on WordPress websites, widely popular and trusted by users worldwide. The plugin's key feature is its ability to prevent spam across multiple channels, such as comments, user registrations, contact forms, and WooCommerce forms. All of this can be achieved with a single plugin, eliminating the need to install additional plugins for each form type, which helps simplify website system management.
Incident:
The vulnerabilities CVE-2024-10542 and CVE-2024-10781 in the Spam Protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress are rated as critical (CVSS 9.8) as they allow unauthenticated attackers to gain complete system control. In CVE-2024-10542, the vulnerability stems from an Authorization Bypass where functions related to Remote Calls management and plugin installation lack proper permission checks. This allows attackers to use IP Spoofing and DNS Spoofing techniques to trick the system into treating connections as coming from trusted sources, enabling unauthorized plugin installation and management.
CVE-2024-10781 arises from a token verification method that uses Hash Comparison with an API Key. If a website hasn't configured an API Key within the plugin, the system accepts tokens matching an "Empty Hash," allowing attackers to successfully authenticate themselves. This vulnerability makes it easier for attackers to install and activate vulnerable plugins or malicious code, such as plugins designed to facilitate Remote Code Execution (RCE).
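To make the "Empty Hash" condition concrete, the following is an added Python model of the token check; it is an illustration written for this note, not CleanTalk's PHP code. It assumes the remote-call token is compared against a hex SHA-256 hash of the site's API key and that an unconfigured key is stored as an empty string; the plugin's actual hash function and key storage are not described above.

```python
"""Model of the CVE-2024-10781 token check: vulnerable pattern vs hardened pattern.

Added illustration, not the plugin's own code. Assumptions (not stated on the page):
the remote-call token is a hex SHA-256 hash of the site's API key, and an
unconfigured API key is stored as an empty string.
"""
import hashlib
import hmac


def token_for(api_key: str) -> str:
    """Assumed token derivation: hex SHA-256 of the API key."""
    return hashlib.sha256(api_key.encode()).hexdigest()


# The "empty hash": the value the weak check expects when no key is configured.
EMPTY_HASH = token_for("")


def weak_check(api_key: str, presented_token: str) -> bool:
    """Vulnerable pattern.

    Hashes whatever key is configured, even the empty string. With no API key set,
    the expected value is the hash of "", which needs no secret to compute, so the
    check can be satisfied on any unconfigured site. The plain == comparison also
    short-circuits on the first mismatching byte, leaking timing information.
    """
    return token_for(api_key) == presented_token


def hardened_check(api_key: str, presented_token: str) -> bool:
    """Hardened pattern.

    1. Refuse to authenticate at all when no API key is configured (this is the
       "verify API Key configuration" recommendation enforced in code).
    2. Compare digests in constant time.
    """
    if not api_key:
        return False
    return hmac.compare_digest(token_for(api_key), presented_token)


def demo() -> dict:
    """Run both checks against an unconfigured site and a configured one."""
    results = {}
    # Unconfigured site: the vulnerable state described in the incident text.
    results["weak_no_key"] = weak_check("", EMPTY_HASH)              # True: bypass
    results["hardened_no_key"] = hardened_check("", EMPTY_HASH)      # False: rejected
    # Configured site (constructed sample key, not a real credential).
    key = "example-api-key-not-real"
    results["weak_with_key_wrong_token"] = weak_check(key, EMPTY_HASH)            # False
    results["hardened_with_key_right_token"] = hardened_check(key, token_for(key))  # True
    results["hardened_with_key_empty_token"] = hardened_check(key, "")             # False
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The two fixes are independent: rejecting the unconfigured state closes the bypass described above, while `hmac.compare_digest` removes the timing side channel of a plain string comparison. Both belong in any secret-based authentication check, whatever hash the plugin actually uses.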
Recommendation:
- Update the plugin immediately to version 6.45 or newer
- Verify API Key configuration in the plugin to prevent authentication issues
- Use a Web Application Firewall (WAF) to protect against spoofing attacks
- Monitor and audit plugin changes or unauthorized system access
Security systems matter. We must stay vigilant and keep monitoring as usual.
For more information, please contact:
Email: sales@inetms.co.th
065 149 2822 (Ms.Suphatson )
063 204 4534 (Ms.Atsamaphorn)
065 929 6330 (Ms.Kansinee)
0613879439 (Ms.Sirilak)
0922576902 (Ms.Narusorn)
References:
- https://thehackernews.com/2024/11/critical-wordpress-anti-spam-plugin.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-10542
- https://nvd.nist.gov/vuln/detail/CVE-2024-10781
- https://th.wordpress.org/plugins/cleantalk-spam-protect/
Weekly Interesting CVE

| NO. | CVE Name | Published Date | Last Update | Device/Application/OS Target | Attack Type | CVSS | Detail | Solution | Reference |
|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2024-45422 | 19/11/2024 | 19/11/2024 | Zoom | Improper Input Validation | 6.5 | Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access. | Update to version 6.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2024-45422 |
| 2 | CVE-2023-29382 | 7/6/2023 | 19/11/2024 | Zimbra Collaboration | Code Injection | 9.8 | An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component. | Update to version 8.8.15 Patch 41 | https://nvd.nist.gov/vuln/detail/CVE-2023-29382 |
| 3 | CVE-2024-39709 | 12/11/2024 | 23/11/2024 | Ivanti Connect Secure | Privilege Escalation | 7.8 | Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges. | Update Ivanti Connect Secure to version 22.6R2 | https://nvd.nist.gov/vuln/detail/CVE-2024-39709 |
| 4 | CVE-2024-44308 | 19/11/2024 | 21/11/2024 | Safari | Arbitrary Code Execution | 8.8 | The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. | Update iPhone to iOS 18.1.1 or iOS 17.7.2 | https://nvd.nist.gov/vuln/detail/CVE-2024-44308 |
| 5 | CVE-2024-34406 | 6/11/2024 | 22/11/2024 | McAfee Security: Antivirus VPN for Android | Improper Exception Handling | 5.3 | Improper exception handling in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to cause a denial of service through the use of a malformed deep link. | Update to version 8.3.0 | https://nvd.nist.gov/vuln/detail/CVE-2024-34406 |
Malware News or Campaign IOC/IOA

| No | Campaign Name | Detection Date | Attack Type | Description | Mitigation/Remediation |
|---|---|---|---|---|---|
| 1 | Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia | 22/11/2024 | Cyber Attack, Rejetto HTTP File Server, Phishing | The TAG-110 threat group, associated with Russia, has been conducting cyber espionage campaigns targeting countries in Central Asia, East Asia, and Europe. The group primarily uses two custom malware tools, HATVIBE and CHERRYSPY. The primary targets include government entities, human rights organizations, and educational institutions. At least 62 victims across 11 countries have been identified, with a focus on Central Asia (e.g., Tajikistan, Kyrgyzstan, Kazakhstan, Turkmenistan, Uzbekistan), along with Armenia, China, Hungary, India, Greece, and Ukraine. Attack chains leverage vulnerabilities in public-facing applications (e.g., Rejetto HTTP File Server) and phishing emails as entry points. | |

Ref: https://thehackernews.com/2024/11/russian-hackers-deploy-hatvibe-and.html
06 December 2024