WordPress Plugin Vulnerabilities

Security & Malware scan by CleanTalk < 2.51 - Security Nonce Leak leading to Unauthorised AJAX call

Description

Security nonce leak, allowing any authenticated users (such as subscribers) to make unauthorised AJAX call which could lead to arbitrary file deletion/download and function call.

Note (WPScanTeam): We do not consider the issue fully remediated, as the AJAX calls rely on CSRF check for authorisation, instead of proper authorisation verification with the current_user_can() function. However, it would require chaining with other issues to be exploited.

Affects Plugins

Plugin icon
security-malware-firewall
Fixed in 2.51

References

CVE
CVE-2020-36698
URL
https://blog.nintechnet.com/multiple-vulnerabilities-fixed-in-security-malware-scan-by-cleantalk-plugin/

Miscellaneous

Original Researcher
Jerome Bruandet (nintechnet.net)
Verified
No
WPVDB ID
23960f42-dfc1-4951-9169-02d889283f01

Timeline

Publicly Published
2020-07-06 (about 3 years ago)
Added
2020-07-06 (about 3 years ago)
Last Updated
2023-11-03 (about 6 months ago)

Other

Published
Title
Published
2014-08-01
Title
IWantOneButton 3.0.1 - Multiple Vulnerabilities
Published
2018-01-08
Title
GD Rating System 2.3 - Multiple Vulnerabilities
Published
2019-05-08
Title
WPGraphQL < 0.3.0 - Multiple Vulnerabilities
Published
2014-08-01
Title
Wordfence 3.3.5 - XSS & IAA
Published
2016-07-19
Title
Icegram <= 1.9.18 - Cross-Site Request Forgery (CSRF) & XSS