There was a minor vulnerability in the comment scanning interface. It was not very serious, since only a logged-in administrator could execute the malicious code. In other words, to exploit the vulnerability, an attacker needs access to the site with administrator privileges. And an attacker who has such access has no need for this vulnerability, because he can obviously add any malicious code without using any vulnerabilities. The vulnerability in the plugin interface can still be exploited in versions before 5.174.1.

Anyway, we added the bugfix in version 5.174.1 of the Anti-Spam Plugin right after we got the message from the WordPress Plugin Team. So from now on, all you have to do is make sure that your Anti-Spam Plugin is up to date. If you use one of the previous versions, please update the plugin to the latest stable version as soon as you read this post, using our special guide.

Vulnerability in the CleanTalk Anti-Spam plugin for WordPress
