9.8
CVE-2024-13365
- EPSS 1.51%
- Veröffentlicht 12.02.2025 10:15:10
- Zuletzt bearbeitet 25.02.2025 18:27:25
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginSecurity & Malware scan by CleanTalk <= 2.149 - Unauthenticated Arbitrary File Upload
Security & Malware scan by CleanTalk <= 2.149 - Unauthenticated Arbitrary File Upload
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive() function in all versions up to, and including, 2.149. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Mögliche Gegenmaßnahme
Security Plugin, Firewall & Malware Scanner with Auto Removal: Update to version 2.150, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cleantalk ≫ Security & Malware Scan SwPlatformwordpress Version < 2.150
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Security Plugin, Firewall & Malware Scanner with Auto Removal
Version
*-2.149
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.51% | 0.71 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://plugins.trac.wordpress.org/changeset/3229205/security-malware-firewall#file527
https://www.wordfence.com/threat-intel/vulnerabilities/id/9fa30fa2-6c42-4e5f-a0b5-8711ce5d8121?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/9fa30fa2-6c42-4e5f-a0b5-8711ce5d8121