Boletines de Vulnerabilidades

SQL Injection Vulnerability Patched in CleanTalk AntiSpam Plugin


Información sobre el sistema

   
Software afectado Wordpress

Descripción

On March 4, 2021, the Wordfence Threat Intelligence team initiated responsible disclosure for a Time-Based Blind SQL Injection vulnerability discovered in Spam protection, AntiSpam, FireWall by CleanTalk, a WordPress plugin installed on over 100,000 sites. This vulnerability could be used to extract sensitive information from a site’s database, including user emails and password hashes, all […]

More info:

https://www.wordfence.com/blog/2021/05/sql-injection-vulnerability-patched-in-cleantalk-antispam-plugin/

Identificadores estándar

Propiedad Valor
CVE CVE-2021-24295.

Histórico de versiones

Versión Comentario Data
1.0 Advisory issued 2021-05-11
Ministerio de Defensa
CNI
CCN
CCN-CERT