Top WordPress anti-spam plugin may actually be putting your site at risk of attack

Spam protection, Anti-Spam, and FireWall WordPress plugin found carrying two critical flaws

· TechRadar

News By Sead Fadilpašić published 27 November 2024


  • Researchers found two flaws in a popular WordPress plugin
  • Flaws allow threat actors to install malicious plugins and run arbitrary code
  • A patch is already available, so WordPress users should update now

A major anti-spam plugin for WordPress, the most widely used website builder, carried a pair of critical-severity vulnerabilities that let unauthenticated attackers install plugins at will and, in some scenarios, execute arbitrary code remotely.

Both bugs have since been patched, and site owners are advised to apply the update as soon as possible.

The vulnerable plugin is called “Spam protection, Anti-Spam, and Firewall”, and was built by CleanTalk, a company developing spam protection for WordPress, Joomla, Drupal, and other website builders.

Popular plugin

The plugin carried two flaws, tracked as CVE-2024-10542 and CVE-2024-10781. The first carries a CVSS severity score of 9.8 (critical), the second 8.1 (high).

The former is an unauthenticated Arbitrary Plugin Installation bug, caused by an authorization bypass via reverse DNS spoofing in the checkWithoutToken function. The check trusts the reverse-DNS (PTR) name of the requesting IP address, and the owner of an IP address controls what its PTR record says, so a request from an attacker's own server can pass as one from the vendor's. As a result, unauthenticated attackers can install and activate arbitrary plugins, which in some scenarios can be leveraged to achieve remote code execution.

The latter is likewise an unauthenticated Arbitrary Plugin Installation bug, caused by a missing empty-value check on the 'api_key' value in the 'perform' function. The outcome is the same: installing and activating an arbitrary plugin, which leads to remote code execution in certain scenarios (when the plugin the attacker installs and activates is itself vulnerable).
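To make the two weak patterns concrete, here is an added illustration written for this article; it is not CleanTalk's code (which is not reproduced on this page), and the mechanics are only what the two vulnerability descriptions above imply. The domain, IP addresses and DNS tables are constructed, the function names reverse_dns_only_trusted, fcrdns_trusted, perform_vulnerable and perform_fixed are hypothetical, and the token scheme (a hash of the configured API key) is an assumption standing in for whatever the real plugin does. The first pair shows why a PTR-only check is spoofable and how forward-confirmed reverse DNS (FCrDNS) closes it; the second pair shows how an empty, never-configured key makes a token comparison pass and how an empty-value check fixes it.

```python
import hashlib
import hmac
from typing import Callable, Iterable, Optional

# Constructed vendor domain (assumption; not CleanTalk's real infrastructure).
TRUSTED_SUFFIX = ".vendor.example"

# Constructed DNS data. The attacker owns 198.51.100.7 and, because the owner
# of an IP block controls its PTR records, has pointed its PTR at a vendor-looking name.
CONSTRUCTED_PTR = {
    "203.0.113.10": "api.vendor.example",   # the real vendor server
    "198.51.100.7": "api.vendor.example",   # attacker-controlled PTR (spoofed)
}
# Forward (A) records are under the vendor's control, so they only name the real server.
CONSTRUCTED_A = {
    "api.vendor.example": ["203.0.113.10"],
}


def constructed_rdns(ip: str) -> Optional[str]:
    """Offline stand-in for a PTR lookup (socket.gethostbyaddr in real code)."""
    return CONSTRUCTED_PTR.get(ip)


def constructed_fwd(name: str) -> Iterable[str]:
    """Offline stand-in for an A lookup (socket.gethostbyname_ex in real code)."""
    return CONSTRUCTED_A.get(name, [])


def reverse_dns_only_trusted(client_ip: str,
                             rdns: Callable[[str], Optional[str]] = constructed_rdns) -> bool:
    """Weak pattern: the caller is trusted if the PTR name of its IP looks like the vendor's.
    Anyone who controls the PTR record for their own address can satisfy this."""
    name = rdns(client_ip)
    return name is not None and name.endswith(TRUSTED_SUFFIX)


def fcrdns_trusted(client_ip: str,
                   rdns: Callable[[str], Optional[str]] = constructed_rdns,
                   fwd: Callable[[str], Iterable[str]] = constructed_fwd) -> bool:
    """Hardened pattern: forward-confirmed reverse DNS. The PTR name must also
    resolve (A record, under the vendor's control) back to the requesting IP."""
    name = rdns(client_ip)
    if not name or not name.endswith(TRUSTED_SUFFIX):
        return False
    return client_ip in set(fwd(name))


def token_for(api_key: str) -> str:
    """Assumed token scheme: a hash of the configured API key."""
    return hashlib.sha256(api_key.encode()).hexdigest()


def perform_vulnerable(configured_api_key: str, provided_token: str) -> bool:
    """Weak pattern: compares the token without checking that a key was ever configured.
    On a fresh install the key is '', and token_for('') is a fixed, attacker-computable value."""
    return hmac.compare_digest(token_for(configured_api_key), provided_token)


def perform_fixed(configured_api_key: str, provided_token: str) -> bool:
    """Hardened pattern: refuse outright when either side is empty, then compare."""
    if not configured_api_key or not provided_token:
        return False
    return hmac.compare_digest(token_for(configured_api_key), provided_token)


if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.7"):
        print(ip, "PTR-only:", reverse_dns_only_trusted(ip), "FCrDNS:", fcrdns_trusted(ip))
    guessed = token_for("")  # what an attacker would send against an unconfigured site
    print("empty key, vulnerable:", perform_vulnerable("", guessed))
    print("empty key, fixed:", perform_fixed("", guessed))
```

Both hardened checks are defence in depth, not a substitute for the vendor's patch: DNS answers can still be manipulated on the path, so a request that only needs to look like it came from the vendor should additionally carry a secret the vendor alone holds, and the plugin should never honour a privileged action while its API key is unset. Site owners can confirm the installed plugin version from the WordPress admin Plugins page or with `wp plugin list --update=available`.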

Spam protection, Anti-Spam, and Firewall is a major WordPress plugin, installed on more than 200,000 websites at press time. The bugs were first spotted by a researcher using the alias 'mikemyers', who reported the findings to Wordfence, a WordPress security firm that researches and discloses WordPress vulnerabilities.
