200,000 WordPress Sites Exposed to Cyber Attack After Plugin Vulnerability Discovered

A critical security vulnerability has been discovered in Anti-Spam by CleanTalk, a widely used WordPress plugin with an installation base exceeding 200,000 websites. It consists of two distinct flaws, tracked as CVE-2024-10542 and CVE-2024-10781, that allow attackers to gain control of affected websites, potentially resulting in remote code execution and full site compromise.

The first vulnerability, CVE-2024-10542, lets attackers bypass authorization checks through reverse DNS spoofing. The plugin's checkWithoutToken() function trusts the result of a reverse DNS lookup, so an attacker who spoofs that lookup can pose as a CleanTalk server and install plugins without proper authentication. This opens the door to further malicious activity on the compromised website.

The second flaw, CVE-2024-10781, stems from the absence of a validation check for an empty API key in the plugin's configuration. An attacker can authorize requests by supplying the hash of an empty API key, which permits actions such as installing and activating plugins without legitimate access. This is particularly concerning because it affects plugins that have been installed but never configured, a common situation among less experienced site administrators.

Both vulnerabilities are rated critical because either can lead to remote code execution, jeopardizing the security and integrity of affected websites. Users of Wordfence Premium, Care, and Response are already protected by active firewall rules that block exploitation attempts.

Technically, both flaws come down to a broken authorization decision. In CVE-2024-10542, checkWithoutToken() can be fooled by DNS spoofing into treating an attacker's request as if it came from a trusted server. In CVE-2024-10781, the missing check for an empty API key means an unconfigured plugin accepts an attacker-supplied credential, sharply increasing the risk of unauthorized access.
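The two authorization weaknesses described above can be modelled in a few lines. The following is an added example, not code from the plugin or from Wordfence: a weak check that trusts the reverse DNS name and accepts an unconfigured key, beside a hardened version that forward-confirms the DNS name, refuses to authorize when no key is set, and compares hashes in constant time. The in-memory resolver, the `vendor.example` domain, the RFC 5737 addresses and the hash scheme are assumptions chosen so the example runs offline.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List

TRUSTED_SUFFIX = ".vendor.example"  # assumed stand-in for the vendor's host names


@dataclass
class FakeResolver:
    """Constructed in-memory DNS (IP -> PTR name, name -> A records) so the example runs offline."""
    ptr: Dict[str, str] = field(default_factory=dict)
    a: Dict[str, List[str]] = field(default_factory=dict)

    def reverse(self, ip: str) -> str:
        return self.ptr.get(ip, "")

    def forward(self, name: str) -> List[str]:
        return self.a.get(name, [])


def key_hash(api_key: str) -> str:
    # Assumed hash scheme; the flaw does not depend on the algorithm used.
    return hashlib.sha256(api_key.encode()).hexdigest()


def weak_authorize(remote_ip: str, presented_hash: str, configured_key: str, dns: FakeResolver) -> bool:
    # Weakness 1: the PTR name is chosen by whoever controls the client IP's reverse zone,
    # so a name that merely looks like a vendor host is accepted as proof of identity.
    if dns.reverse(remote_ip).endswith(TRUSTED_SUFFIX):
        return True
    # Weakness 2: no check that a key was ever configured, so an unconfigured site
    # (empty key) is unlocked by anyone who presents the hash of the empty string.
    return presented_hash == key_hash(configured_key)


def hardened_authorize(remote_ip: str, presented_hash: str, configured_key: str, dns: FakeResolver) -> bool:
    # Forward-confirmed reverse DNS: the PTR name must resolve back to the connecting IP.
    # This closes the spoofing above, although DNS alone remains a weak authentication signal.
    host = dns.reverse(remote_ip)
    if host.endswith(TRUSTED_SUFFIX) and remote_ip in dns.forward(host):
        return True
    # Never authorize against an unconfigured (empty) key.
    if not configured_key:
        return False
    # Constant-time comparison avoids leaking the expected hash through timing.
    return hmac.compare_digest(presented_hash, key_hash(configured_key))
```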

The vulnerabilities were responsibly disclosed through the Wordfence Bug Bounty Program, which underscores the role of ethical hacking in identifying and fixing flaws in WordPress plugins. The discovery earned the researchers a bounty of $4,095, a further incentive for the security community to help strengthen WordPress.

Website administrators should update to the latest version of the Anti-Spam by CleanTalk plugin without delay to mitigate the risk of exploitation. Timely updates and continuous vigilance remain the most effective protection for site owners and their users in an ever-evolving threat landscape.
