WordPress Anti-Spam Plugin Vulnerability Hits 200k+ Sites via @sejournal, @martinibuster


Severe vulnerability in the CleanTalk Anti-Spam WordPress plugin enables unauthenticated attackers to upload plugins and launch attacks

WordPress Anti-Spam Plugin Vulnerability Hits 200k+ Sites

A flaw in a WordPress anti-spam plugin with over 200,000 installations allows rogue plugins to be installed on affected websites. Security researchers rated the vulnerability 9.8 out of 10, reflecting its high severity.

Screenshot Of CleanTalk Vulnerability Severity Rating

CleanTalk Anti-Spam WordPress Plugin Vulnerability

A highly rated anti-spam firewall with over 200,000 installations was found to have an authentication bypass vulnerability that enables attackers to gain full access to websites without providing a username or password. The flaw lets attackers upload and install any plugin, including malware, granting them full control of the site.

The flaw in the Spam protection, Anti-Spam, FireWall by CleanTalk plugin was pinpointed by security researchers at Wordfence as caused by reverse DNS spoofing. Reverse DNS is the lookup that turns an IP address into a domain name. Reverse DNS spoofing is where an attacker manipulates that lookup so a request appears to come from a different IP address or domain name. In this case the attacker can trick the Anti-Spam plugin into believing the malicious request is coming from the website itself, and because the plugin does not verify that claim, the attacker gains unauthorized access.
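As an added illustration (not the plugin's code, and not a description of how its checkWithoutToken function is implemented), the following Python models a "does this request come from our own host?" check based on reverse DNS alone beside a forward-confirmed (FCrDNS) variant; the site hostname, the IP addresses and the resolver records are all constructed for the example.

```python
# Added example: a self-origin check that trusts the PTR (reverse) record alone
# versus one that forward-confirms it. Hostnames, IPs and DNS data are constructed.
from dataclasses import dataclass, field

SITE_HOST = "example-site.test"  # assumed hostname of the protected site


@dataclass
class FakeResolver:
    """Stand-in for DNS with constructed PTR (reverse) and A (forward) records."""
    ptr: dict = field(default_factory=dict)  # ip -> hostname
    a: dict = field(default_factory=dict)    # hostname -> set of ips

    def reverse(self, ip):
        return self.ptr.get(ip)

    def forward(self, host):
        return self.a.get(host, set())


def trusted_by_reverse_only(ip, resolver, site_host=SITE_HOST):
    """Weak check: believes whatever the PTR record for the client IP says.
    The owner of an IP range controls its PTR records, so this is attacker-controlled."""
    return resolver.reverse(ip) == site_host


def trusted_by_fcrdns(ip, resolver, site_host=SITE_HOST):
    """Forward-confirmed reverse DNS: the PTR hostname must also resolve back
    to the same client IP, which requires control of the site's own A record."""
    host = resolver.reverse(ip)
    if host != site_host:
        return False
    return ip in resolver.forward(host)


# Constructed zone data: the site legitimately owns 203.0.113.10, while the PTR
# record for an unrelated address (198.51.100.7) also claims the site hostname.
RESOLVER = FakeResolver(
    ptr={"203.0.113.10": SITE_HOST, "198.51.100.7": SITE_HOST},
    a={SITE_HOST: {"203.0.113.10"}},
)


def evaluate(ip, resolver=RESOLVER):
    """Return the verdict of both checks for one client IP."""
    return {
        "reverse_only": trusted_by_reverse_only(ip, resolver),
        "fcrdns": trusted_by_fcrdns(ip, resolver),
    }


if __name__ == "__main__":
    for client_ip in ("203.0.113.10", "198.51.100.7", "192.0.2.1"):
        print(client_ip, evaluate(client_ip))
```

Even the forward-confirmed check only establishes which host sent the request; it should not exempt a request from the token or nonce that normally authorizes a privileged action such as installing a plugin.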

This vulnerability is categorized as: Missing Authorization. The Common Weakness Enumeration (CWE) website defines that as:

“The product does not perform an authorization check when an actor attempts to access a resource or perform an action.”

Wordfence explains it like this:

“The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.”

Recommendation

Wordfence recommends that users of the affected plugin update to version 6.44 or higher.

Read the Wordfence advisory:

Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.43.2 – Authorization Bypass via Reverse DNS Spoofing to Unauthenticated Arbitrary Plugin Installation

Featured Image by Shutterstock/SimpleB

SEJ STAFF Roger Montti Owner - Martinibuster.com at Martinibuster.com

I have 25 years of hands-on experience in SEO, evolving along with the search engines by keeping up with the latest ...