What is CVE-2024-10542?

CVE-2024-10542 is a security vulnerability identified in cleantalk-spam-protect. This analysis provides detailed information about the vulnerability, its impact, and potential exploits.

Is there a PoC for CVE-2024-10542?

This security analysis examines the vulnerability in detail. Review the analysis findings for exploit potential and proof-of-concept information related to CVE-2024-10542.

How can I protect against CVE-2024-10542?

Review the patch diff analysis in this report to understand the security fix. Updating to the patched version is recommended to mitigate CVE-2024-10542.

REPORT / 01

Analysis Report · cleantalk-spam-protect 6.43 → 6.44 — CVE-2024-10542

Shared security patch analysis results

mode patchdiff ai claude_cli haiku

02 · Lifecycle actions cancel · resume · skip · regenerate

03 · Share this analysis copy link · embed report

03 · CVE Security Analysis & Writeups ai-generated · per cve

Comprehensive security analysis generated by AI for each confirmed CVE match. Click on a CVE to view the detailed writeup including vulnerability background, technical details, patch analysis, and PoC guide.

CVE-2024-10542 NVD

AI-Generated Analysis

## 1. Vulnerability Background

What is this vulnerability?

- CVE-2024-10542 is an authorization bypass in the WordPress plugin "Spam protection, Anti-Spam, FireWall by CleanTalk".
- The bug exists in the remote call authorization flow used by the plugin’s `checkWithoutToken()` mechanism.
- The plugin attempts to trust incoming requests from CleanTalk infrastructure by inspecting the reverse DNS of the request source IP.
- In versions up to and including 6.43.2, this trust decision is vulnerable to reverse DNS spoofing and substring matching abuse.

Why is it critical/important?

- The vulnerability allows unauthenticated attackers to bypass normal token/API-key based authorization.
- Through this bypass, attackers can install and activate arbitrary plugins.
- Arbitrary plugin installation/activation can lead to remote code execution when combined with an already vulnerable or malicious plugin.
- The vulnerability affects the integrity of the WordPress installation and can lead to full site compromise.

What systems/versions are affected?

- CleanTalk WordPress plugin versions up to and including 6.43.2.
- Any WordPress site with this plugin active and with the remote call endpoint exposed to the public internet.

## 2. Technical Details

Root cause analysis

- The vulnerable code is in `lib/Cleantalk/ApbctWP/RemoteCalls.php`.
- Old logic used:
  - `Helper::ipResolve(Helper::ipGet())`
  - `strpos(..., 'cleantalk.org') !== false`
- This logic assumed that a resolved hostname containing `cleantalk.org` meant the request came from a legitimate CleanTalk server.
- The check was:
  - weak because it used substring matching
  - dependent on reverse DNS trust
  - vulnerable to reverse DNS spoofing or maliciously crafted PTR records
- `checkWithoutToken()` also allowed any remote call action when it returned true, meaning privileged operations could execute without a valid token.

Attack vector and exploitation conditions

- Attacker needs to send a request to the CleanTalk remote call endpoint with:
  - `spbc_remote_call_action`
  - `plugin_name` among expected values (`antispam`, `anti-spam`, `apbct`)
- If the request source IP resolves to a hostname containing `cleantalk.org`, the request is accepted.
- Because the hostname check is substring-based, names like:
  - `evil.cleantalk.org.attacker.com`
  - `cleantalk.org.evil.net`
  can pass.
- An attacker who controls an IP address or a DNS record can exploit this by ensuring the PTR record includes the target string, or by using a compromised host with a suitable reverse DNS.

Security implications

- Unauthorized remote actions can be executed without authentication.
- The plugin can be forced to install and activate arbitrary plugins.
- Remote code execution becomes possible if the attacker installs a backdoor plugin or enables an existing vulnerable plugin.
- The vulnerability undermines the assumption that CleanTalk-originated remote calls are safe simply because of reverse DNS content.

## 3. Patch Analysis

What code changes were made?

- In `lib/Cleantalk/ApbctWP/RemoteCalls.php`:
  - A fixed allowlist of trusted CleanTalk servers was added:
    - `netserv3.cleantalk.org`
    - `netserv4.cleantalk.org`
  - The authorization check was changed from:
    - `strpos(Helper::ipResolve(Helper::ipGet()), 'cleantalk.org') !== false`
    to:
    - `in_array(Helper::ipResolve(Helper::ipGet('remote_addr')), $rc_servers, true)`
  - The source IP retrieval was tightened from generic `Helper::ipGet()` to `Helper::ipGet('remote_addr')`.
  - A new action whitelist was introduced via `isAllowedWithoutToken($action)`.
  - Tokenless execution is now limited to only safe actions:
    - `get_fresh_wpnonce`
    - `post_api_key`

How do these changes fix the vulnerability?

- Exact hostname allowlist:
  - removes substring matching and reverse DNS content trust
  - only specific known CleanTalk server hostnames are accepted
- Source IP hardening:
  - `remote_addr` ensures the actual connection IP is evaluated instead of possibly spoofable header-derived values
- Action allowlist:
  - even if a trusted server check passes, only low-risk actions can execute without token authentication
  - prevents arbitrary privileged operations from being invoked

Security improvements introduced

- stronger validation of remote-call source
- removal of reverse DNS spoofing as an authentication factor
- reduced attack surface through action-level restrictions
- adherence to least privilege for unauthenticated or tokenless requests

## 4. Proof of Concept (PoC) Guide

Prerequisites for exploitation

- Target WordPress site running CleanTalk plugin version <= 6.43.2
- Remote call endpoint reachable from attacker-controlled network
- Ability to control or influence reverse DNS for the source IP used for the request
- Knowledge of the plugin’s remote-call parameters and action names

Step-by-step exploitation approach

1. Identify the target endpoint used by CleanTalk remote calls, typically via WordPress AJAX or a specific plugin API endpoint.
2. Prepare a source IP whose reverse DNS resolves to a hostname containing `cleantalk.org`.
3. Craft a request including:
   - `spbc_remote_call_action=<desired_action>`
   - `plugin_name=apbct` or one of the allowed names
   - other required parameters for the chosen action
4. Send the request from the attacker-controlled IP.
5. If the request is accepted, use it to trigger plugin installation or activation operations.

Expected behavior vs exploited behavior

- Expected behavior after fix:
  - request from non-allowed hostnames is rejected
  - only safe tokenless actions are permitted
  - arbitrary plugin installation/activation is blocked unless a valid token/API key is provided
- Behavior in vulnerable versions:
  - request passes the weak reverse DNS check
  - `checkWithoutToken()` returns true
  - action is executed without token authentication
  - arbitrary plugin management requests can succeed

How to verify the vulnerability exists

- Send a test request from a controlled IP with a reverse DNS containing `cleantalk.org`
- Attempt a non-sensitive remote action that still indicates success
- Observe whether the plugin accepts the request without a valid token
- Check plugin installation/activation status or application logs for unauthorized activity

## 5. Recommendations

Mitigation strategies

- Upgrade CleanTalk plugin to a patched version beyond 6.43.2
- If upgrade is not immediately possible:
  - restrict access to CleanTalk remote endpoints by IP
  - block inbound requests to `admin-ajax.php` and other plugin endpoints from untrusted sources
  - disable remote call features if not in use

Detection methods

- monitor for requests containing `spbc_remote_call_action`
- log and alert on unexpected remote calls from non-CleanTalk IP addresses
- inspect plugin activation and installation events for anomalies
- deploy WAF rules for suspicious CleanTalk remote call patterns

Best practices to prevent similar issues

- never rely on reverse DNS or substring matches for authentication
- validate remote source hosts using an exact allowlist
- use cryptographic authentication tokens for privileged operations
- implement action-level allowlists for unauthenticated or fallback flows
- ensure source IP decisions use the actual connection address, not client-controlled headers
- minimize the number of operations permitted without a valid token or key

05 · Findings filter · search · paginate

Showing 0 to 0 of 0 results

inc/cleantalk-settings.php AI: 1 vulnerabilities 1 false positive CVE-2024-10542

--- cache/cleantalk-spam-protect_6.43/inc/cleantalk-settings.php	2026-01-07 16:23:14.961172611 +0000+++ cache/cleantalk-spam-protect_6.44/inc/cleantalk-settings.php	2026-01-07 16:23:27.957980940 +0000@@ -2,6 +2,7 @@  use Cleantalk\ApbctWP\AdjustToEnvironmentModule\AdjustToEnvironmentHandler; use Cleantalk\ApbctWP\AdjustToEnvironmentModule\AdjustToEnvironmentSettings;+use Cleantalk\ApbctWP\Antispam\EmailEncoder; use Cleantalk\ApbctWP\Escape; use Cleantalk\ApbctWP\Helper; use Cleantalk\ApbctWP\LinkConstructor;@@ -110,6 +111,11 @@         ? '<br>' . __(' - status of SpamFireWall database updating process', 'cleantalk-spam-protect')         : ''; +    $current_user = wp_get_current_user();+    $current_user_email = $current_user->exists() ? $current_user->user_email : '[email protected]';+    $emailEncoder = EmailEncoder::getInstance();+    $current_user_email = $emailEncoder->ignoreOpenSSLMode()->modifyContent($current_user_email);+     $fields = array(          'main' => array(@@ -182,8 +188,30 @@                 'data__email_decoder'        => array(                     'type'        => 'checkbox',                     'title'       => __('Encode contact data', 'cleantalk-spam-protect'),-                    'description' => __('Turn on this option to prevent crawlers grab contact data (emails) from website content.', 'cleantalk-spam-protect'),-                    'long_description' => true,+                    'description' =>+                        sprintf(+                            __(+                                'This option allows you to encode contacts on the public pages of the site. This prevents robots from automatically collecting such data and prevents it from being included in spam lists. %s',+                                'cleantalk-spam-protect'+                            ),+                            '<a href="https://blog.cleantalk.org/wordpress-how-hide-email-address-from-bots-and-spammers/?utm_source=apbct_hint_data__email_decoder&utm_medium=WordPress&utm_campaign=ABPCT_Settings" target="_blank">' . __(+                                'Learn more.',+                                'cleantalk-spam-protect'+                            ) . '</a>'+                        )+                        . '<br><span id="apbct-email-decoder-example-text">' . __(+                            'Try to decode, just click on email ',+                            'cleantalk-spam-protect'+                        ) . '</span>'+                        . '<span id="apbct-email-decoder-example-email">' . $current_user_email . '</span>'+                        . '<br>'+                        . sprintf(+                            __(+                                'If the option was turned off, you can anyway encode contact data using shortcode\hook. Learn more %s.',+                                'cleantalk-spam-protect'+                            ),+                            '<a href="#" target="_blank">' . __('here', 'cleantalk-spam-protect') . '</a>'+                        )                 ),                 'comments__the_real_person' => array(                     'type'        => 'checkbox',@@ -290,6 +318,21 @@                         'cleantalk-spam-protect'                     ),                 ),+                'data__honeypot_field' => array(+                    'title'           => __(+                        'Add a honeypot field',+                        'cleantalk-spam-protect'+                    ),+                    'description'     => __(+                        'This option adds a honeypot field to the forms.',+                        'cleantalk-spam-protect'+                    ),+                    'options'         => array(+                        array('val' => 1, 'label' => __('On')),+                        array('val' => 0, 'label' => __('Off')),+                    ),+                    'long_description' => true,+                ),             ),         ), @@ -605,26 +648,28 @@                     'title'       => __('Show email existence alert when filling in the field', 'cleantalk-spam-protect'),                     'description' => __('Check email address exist before sending form data', 'cleantalk-spam-protect'),                 ),-                'data__honeypot_field'         => array(-                    'title'           => __(-                        'Add a honeypot field',-                        'cleantalk-spam-protect'-                    ),-                    'description'     => __(-                        'This option adds a honeypot field to the forms.',-                        'cleantalk-spam-protect'-                    ),-                    'options'         => array(-                        array('val' => 1, 'label' => __('On')),-                        array('val' => 0, 'label' => __('Off')),-                    ),-                    'long_description' => true,-                ),                 'data__email_decoder'        => array(-                    'title'       => __('Encode contact data', 'cleantalk-spam-protect'),-                    'description' => __('Turn on this option to prevent crawlers grab contact data (emails) from website content.', 'cleantalk-spam-protect'),-                    'long_description' => true,-                    'childrens'   => array('data__email_decoder_buffer')+                    'title' => __('Encode contact data', 'cleantalk-spam-protect'),+                    'description' =>+                        sprintf(+                            __(+                                'This option allows you to encode contacts on the public pages of the site. This prevents robots from automatically collecting such data and prevents it from being included in spam lists. %s',+                                'cleantalk-spam-protect'+                            ),+                            '<a href="https://blog.cleantalk.org/wordpress-how-hide-email-address-from-bots-and-spammers/?utm_source=apbct_hint_data__email_decoder&utm_medium=WordPress&utm_campaign=ABPCT_Settings" target="_blank">' . __(+                                'Learn more.',+                                'cleantalk-spam-protect'+                            ) . '</a>'+                        )+                        . '<br>'+                        . sprintf(+                            __(+                                'If the option was turned off, you can anyway encode contact data using shortcode\hook. Learn more %s.',+                                'cleantalk-spam-protect'+                            ),+                            '<a href="#" target="_blank">' . __('here', 'cleantalk-spam-protect') . '</a>'+                        ),+                    'childrens' => array('data__email_decoder_buffer')                 ),                 'data__email_decoder_buffer'        => array(                     'title'       => __('Use the output buffer', 'cleantalk-spam-protect'),@@ -1544,6 +1589,7 @@                 'Error occurred on last SpamFireWall check. ',                 'cleantalk-spam-protect'             ),+            'email_encoder'           => __('Email encoder:', 'cleantalk-spam-protect'),              // Validating settings             'settings_validate' => 'Validate Settings',@@ -3292,7 +3338,7 @@             //HANDLE LINK             'desc'  => sprintf(                 esc_html__('The option helps to block bots . The honeypot field option adds a hidden field to the form. When spambots come to a website form, they can fill out each input field. Enable this option to make the protection stronger on these forms. Learn more about supported forms %s', 'cleantalk-spam-protect'),-                '<a href="https://cleantalk.org/help/wordpress-plugin-settings{utm_mark}#honeypot" target="_blank">' . __('here.', 'cleantalk-spam-protect') . '</a>'+                '<a href="https://cleantalk.org/help/honeypot-field{utm_mark}" target="_blank">' . __('here.', 'cleantalk-spam-protect') . '</a>'             )         ),         'sfw__enabled' => array(@@ -3307,14 +3353,6 @@                 '<a href="https://cleantalk.org/help/anti-flood-and-anti-crawler{utm_mark}" target="_blank">' . __('here.', 'cleantalk-spam-protect') . '</a>'             )         ),-        'data__email_decoder' => array(-            'title' => __('Encode contact data', 'cleantalk-spam-protect'),-            //HANDLE LINK-            'desc'  => sprintf(-                __('This option allows you to encode contacts on the public pages of the site. This prevents robots from automatically collecting such data and prevents it from being included in spam lists. %s', 'cleantalk-spam-protect'),-                '<a href="https://cleantalk.org/help/email-encode{utm_mark}" target="_blank">' . __('Learn more.', 'cleantalk-spam-protect') . '</a>'-            )-        ),         'exclusions__form_signs' => array(             'title' => __('Form Signs Exclusions', 'cleantalk-spam-protect'),             'desc'  => __('The plugin will check the POST array to find regular expressions matches. Usually, field\'s

AI Analysis

Let me analyze the security implications of this diff:

---

**Vulnerability 1:**

Vulnerability Existed: yes
FALSE POSITIVE
Stored XSS (Cross-Site Scripting) - CWE-79 - inc/cleantalk-settings.php Lines 207-210
Old Code:
```php
'description' => __('Turn on this option to prevent crawlers grab contact data (emails) from website content.', 'cleantalk-spam-protect'),
'long_description' => true,
```

Fixed Code:
```php
'description' =>
    sprintf(
        __(
            'This option allows you to encode contacts on the public pages of the site. This prevents robots from automatically collecting such data and prevents it from being included in spam lists. %s',
            'cleantalk-spam-protect'
        ),
        '<a href="https://blog.cleantalk.org/wordpress-how-hide-email-address-from-bots-and-spammers/?utm_source=apbct_hint_data__email_decoder&utm_medium=WordPress&utm_campaign=ABPCT_Settings" target="_blank">' . __(
            'Learn more.',
            'cleantalk-spam-protect'
        ) . '</a>'
    )
    . '<br><span id="apbct-email-decoder-example-text">' . __(
        'Try to decode, just click on email ',
        'cleantalk-spam-protect'
    ) . '</span>'
    . '<span id="apbct-email-decoder-example-email">' . $current_user_email . '</span>'
```

Explanation:
The fix adds `$current_user_email` which is encoded via `EmailEncoder::getInstance()->ignoreOpenSSLMode()->modifyContent()` before being output in the description field. This encoding prevents XSS attacks. The old code had a simpler description without email output, so it had lower XSS risk. The new code properly encodes the current user's email address before displaying it in HTML context, mitigating Stored XSS vulnerability.

---

**Vulnerability 2:**

Vulnerability Existed: not sure
Improper Input Validation / Unvalidated URL Redirect - CWE-601 - inc/cleantalk-settings.php Line 3341
Old Code:
```php
'<a href="https://cleantalk.org/help/wordpress-plugin-settings{utm_mark}#honeypot" target="_blank">' . __('here.', 'cleantalk-spam-protect') . '</a>'
```

Fixed Code:
```php
'<a href="https://cleantalk.org/help/honeypot-field{utm_mark}" target="_blank">' . __('here.', 'cleantalk-spam-protect') . '</a>'
```

Explanation:
The change modifies the URL path from `wordpress-plugin-settings{utm_mark}#honeypot` to `honeypot-field{utm_mark}`. Both are hardcoded URLs to the cleantalk.org domain with proper https protocol. Neither presents a clear unvalidated redirect vulnerability since the domain is hardcoded. The change appears to be updating to a more specific help page URL rather than a security fix. The `{utm_mark}` placeholder suggests server-side replacement of utm parameters, which is a normal tracking practice. Not a confirmed vulnerability.

---

**Vulnerability 3:**

Vulnerability Existed: no
Information Disclosure / Sensitive Data Exposure - CWE-200 - inc/cleantalk-settings.php Lines 114-117
Old Code:
(No previous code - this is new code added)

Fixed Code:
```php
$current_user = wp_get_current_user();
$current_user_email = $current_user->exists() ? $current_user->user_email : '[email protected]';
$emailEncoder = EmailEncoder::getInstance();
$current_user_email = $emailEncoder->ignoreOpenSSLMode()->modifyContent($current_user_email);
```

Explanation:
This new code retrieves the current user's email and encodes it before display. The code includes proper checks: `$current_user->exists()` validates the user exists before accessing `user_email`. A fallback to `'[email protected]'` is used if no user exists. The email is then encoded using `EmailEncoder` before being output in HTML. This is NOT vulnerable because: (1) it accesses WordPress's authenticated user context (safe), (2) it validates existence before access, and (3) it properly encodes output. This demonstrates a security-conscious approach to handling sensitive user data.

CVE Analysis Results:

CVE-2024-10542: Yes

View CVE Description

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.

lib/Cleantalk/ApbctWP/RemoteCalls.php AI: 2 vulnerabilities 2 true positives CVE-2024-10542

--- cache/cleantalk-spam-protect_6.43/lib/Cleantalk/ApbctWP/RemoteCalls.php	2026-01-07 16:23:14.997174850 +0000+++ cache/cleantalk-spam-protect_6.44/lib/Cleantalk/ApbctWP/RemoteCalls.php	2026-01-07 16:23:28.005983926 +0000@@ -12,6 +12,11 @@ {     const COOLDOWN = 10; +    private static $allowedActionsWithoutToken = [+        'get_fresh_wpnonce',+        'post_api_key',+    ];+     /**      * Checking if the current request is the Remote Call      *@@ -31,14 +36,24 @@                in_array(Request::get('plugin_name'), array('antispam', 'anti-spam', 'apbct'));     } +    private static function isAllowedWithoutToken($rc)+    {+        return in_array($rc, self::$allowedActionsWithoutToken, true);+    }+     public static function checkWithoutToken()     {         global $apbct; +        $rc_servers = [+            'netserv3.cleantalk.org',+            'netserv4.cleantalk.org',+        ];+         $is_noc_request = ! $apbct->key_is_ok &&             Request::get('spbc_remote_call_action') &&             in_array(Request::get('plugin_name'), array('antispam', 'anti-spam', 'apbct')) &&-            strpos(Helper::ipResolve(Helper::ipGet()), 'cleantalk.org') !== false;+            in_array(Helper::ipResolve(Helper::ipGet('remote_addr')), $rc_servers, true);          // no token needs for this action, at least for now         // todo Probably we still need to validate this, consult with analytics team@@ -79,7 +94,7 @@                 if (                     ($token === strtolower(md5($apbct->api_key)) ||                      $token === strtolower(hash('sha256', $apbct->api_key))) ||-                    self::checkWithoutToken()+                    (self::checkWithoutToken() && self::isAllowedWithoutToken($action))                 ) {                     // Flag to let plugin know that Remote Call is running.                     $apbct->rc_running = true;

AI Analysis

Based on my analysis of the code diff between versions 6.43 and 6.44, here are the security vulnerabilities and fixes:

---

**Vulnerability 1:**

Vulnerability Existed: yes
TRUE POSITIVE

Improper Input Validation - CWE-20 - lib/Cleantalk/ApbctWP/RemoteCalls.php Lines 31-41 (old) vs 53-56 (new)

Old Code:
```php
$is_noc_request = ! $apbct->key_is_ok &&
    Request::get('spbc_remote_call_action') &&
    in_array(Request::get('plugin_name'), array('antispam', 'anti-spam', 'apbct')) &&
    strpos(Helper::ipResolve(Helper::ipGet()), 'cleantalk.org') !== false;
```

Fixed Code:
```php
$rc_servers = [
    'netserv3.cleantalk.org',
    'netserv4.cleantalk.org',
];

$is_noc_request = ! $apbct->key_is_ok &&
    Request::get('spbc_remote_call_action') &&
    in_array(Request::get('plugin_name'), array('antispam', 'anti-spam', 'apbct')) &&
    in_array(Helper::ipResolve(Helper::ipGet('remote_addr')), $rc_servers, true);
```

Explanation:
The original code used `strpos()` to check if the resolved IP contains 'cleantalk.org', which is vulnerable to IP spoofing and pattern matching bypass. For example, an attacker could use an IP resolving to a domain like 'evil-cleantalk.org.attacker.com' to bypass the check. The fix replaces this with a strict whitelist comparison using `in_array()` with strict type checking (`true` parameter), restricting remote calls to only two specific allowed servers. Additionally, the fix changes `Helper::ipGet()` to `Helper::ipGet('remote_addr')` to explicitly specify the source IP, improving clarity and security.

---

**Vulnerability 2:**

Vulnerability Existed: yes
TRUE POSITIVE

Insufficient Access Control / Unrestricted Remote Command Execution - CWE-94 - lib/Cleantalk/ApbctWP/RemoteCalls.php Lines 79-82 (old) vs 94-97 (new)

Old Code:
```php
if (
    ($token === strtolower(md5($apbct->api_key)) ||
     $token === strtolower(hash('sha256', $apbct->api_key))) ||
    self::checkWithoutToken()
) {
```

Fixed Code:
```php
if (
    ($token === strtolower(md5($apbct->api_key)) ||
     $token === strtolower(hash('sha256', $apbct->api_key))) ||
    (self::checkWithoutToken() && self::isAllowedWithoutToken($action))
) {
```

Explanation:
The original code allowed ANY remote call action to execute if `checkWithoutToken()` returned true. The vulnerability exists because `checkWithoutToken()` only validates the request source (IP and basic parameters), not the specific action being performed. This allowed unauthorized remote actions like `action__sfw_update`, `action__debug`, `action__post_api_key`, etc., to execute without proper token authentication. The fix implements an action whitelist via the new `isAllowedWithoutToken()` method, which restricts token-less execution to only two safe actions: 'get_fresh_wpnonce' and 'post_api_key'. This prevents unauthorized remote code execution through NoC (Network Operations Center) requests.

CVE Analysis Results:

CVE-2024-10542: Yes

View CVE Description

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.

Showing 1 to 2 of 2 results