A critical Broken Access Control vulnerability has been identified in the Security & Malware scan by CleanTalk plugin. This vulnerability could allow an unprivileged user to execute certain higher privileged actions on the website.

This vulnerability was discovered and responsibly reported by Jerome Bruandet.

The flaw lies in the plugin's own code: an attacker can abuse the way the plugin performs its authorization and authentication checks to execute certain higher-privileged actions on the website.

Severity

Critical (CVSS 3.1 score of 8.8)

Affected Versions

All versions of the Security & Malware scan by CleanTalk plugin prior to 2.51

Impact

An attacker who successfully exploits this vulnerability could gain access to sensitive information or perform unauthorized actions on your website, such as:

  • Installing and executing malicious code
  • Stealing user data
  • Defacing the website
  • Taking control of the website

Recommendation

Immediate action is required to mitigate this critical vulnerability:

  • Update immediately: Update the Security & Malware scan by CleanTalk plugin to the latest available version (at least 2.51). This vulnerability has been fixed in version 2.51.
  • Implement a WordPress security plugin or solution: A WordPress security plugin or solution can help to proactively monitor the website for unusual activities and vulnerabilities.
  • Keep WordPress core, plugins, and themes up to date: Regularly updating WordPress core, plugins, and themes can help reduce exposure to known vulnerabilities.
  • Have a backup strategy in place: Regularly backing up the website can help quickly recover in the event of a security breach or other emergency.