A flaw in a WordPress anti-spam plugin with over 200,000 installations permits rogue plugins to be put in on affected web sites. Safety researchers rated the vulnerability 9.8 out of 10, reflecting the excessive degree of severity decided by safety researchers.
Screenshot Of CleanTalk Vulnerability Severity Ranking
CleanTalk Anti-Spam WordPress Plugin Vulnerability
A extremely rated anti-spam firewall with over 200,000 installations was discovered to have an authentication bypass vulnerability that allows attackers to achieve full entry to web sites with out offering a username or password. The flaw lets attackers add and set up any plugin, together with malware, granting them full management of the location.
The flaw within the Spam safety, Anti-Spam, FireWall by CleanTalk plugin, was pinpointed by safety researchers at Wordfence as attributable to reverse DNS spoofing. DNS is the system that turns an IP tackle to a site title. Reverse DNS spoofing is the place an attacker manipulates the system to indicate that it’s coming from a unique IP tackle or area title. On this case the attackers can trick the Ant-Spam plugin that the malicious request is coming from the web site itself and since that plugin doesn’t have a test for that the attackers achieve unauthorized entry.
This vulnerability is categorized as: Lacking Authorization. The Widespread Weak spot Enumeration (CWE) web site defines that as:
“The product doesn’t carry out an authorization test when an actor makes an attempt to entry a useful resource or carry out an motion.”
Wordfence explains it like this:
“The Spam safety, Anti-Spam, FireWall by CleanTalk plugin for WordPress is susceptible to unauthorized Arbitrary Plugin Set up as a consequence of an authorization bypass through reverse DNS spoofing on the checkWithoutToken operate in all variations as much as, and together with, 6.43.2. This makes it doable for unauthenticated attackers to put in and activate arbitrary plugins which might be leveraged to attain distant code execution if one other susceptible plugin is put in and activated.”
Suggestion
Wordfence recommends customers of the affected plugin to replace to model 6.44 or increased.
Learn the Wordfence advisory:
Featured Picture by Shutterstock/SimpleB
