Critical Security Risks Found in WordPress Anti-Spam Plugin
Two Major Vulnerabilities Could Threaten Your Website
Two serious vulnerabilities have been discovered in the Spam Prevention, Anti-Spam, and Firewall plugin for WordPress. These flaws could let attackers install and activate harmful plugins on unprotected websites, potentially leading to remote code execution (RCE).
The vulnerabilities, now identified as CVE-2024-10542 and CVE-2024-10781, have been given a high severity score of 9.8 out of 10 on the CVSS scale. If you’re using this plugin, it’s critical to take action immediately.
What’s at Risk?
The plugin, created by CleanTalk and installed on over 200,000 WordPress sites, is widely used to block spam comments, fake registrations, and more. But these security holes expose users to attacks that bypass authorization, allowing malicious plugins to be installed and activated.
According to cybersecurity experts at Wordfence:
- Attackers could abuse the perform() function in plugin versions up to 6.44 to install any plugin they want, without authorization.
- The checkWithoutToken() function has a similar flaw: its security checks could be bypassed through reverse DNS spoofing.
Once an attacker exploits these weaknesses, they can install, enable, disable, or even delete plugins—putting your site and data at serious risk.
Why This Matters
If attackers install and activate plugins that themselves contain vulnerabilities, that opens the door to remote code execution. This can lead to:
- Hackers taking full control of your website.
- Sensitive data, like login credentials, being stolen.
- Visitors being redirected to dangerous scam sites.
How to Protect Your Website
The issues were fixed in versions 6.44 and 6.45 of the plugin, both released this month. If you’re using an older version, you must update immediately to secure your site.
Steps to Stay Safe:
- Update Your Plugin: Make sure you’re running the latest version of the Spam Prevention, Anti-Spam, and Firewall plugin.
- Check for Suspicious Activity: Review your site for any unauthorized plugins or changes.
- Enable Additional Security: Consider using a trusted firewall or malware scanner to catch any hidden threats.
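The first two steps above can be scripted. The following is an added example, not code from the article, Wordfence or CleanTalk: it reads the CSV that WP-CLI's `wp plugin list` prints, flags the anti-spam plugin if its version is below 6.45, and flags any plugin that is not on a list you maintain of plugins you installed yourself. The plugin slug `cleantalk-spam-protect`, the allowlist and the sample CSV are assumptions, not values from the article.

```shell
#!/bin/sh
# Added example (not from the article or CleanTalk): audit a WordPress site's
# plugin list for the unpatched anti-spam plugin and for plugins nobody installed.
# Assumed plugin slug (not given in the article): cleantalk-spam-protect.
PLUGIN_SLUG="cleantalk-spam-protect"
FIXED_VERSION="6.45"   # article: fixes shipped in 6.44 and 6.45; 6.45 closes both CVEs

# version_lt A B: succeeds when dot-separated version A sorts below B.
version_lt() {
  [ "$1" = "$2" ] && return 1
  lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
  [ "$lowest" = "$1" ]
}

# audit_plugins ALLOWLIST: reads the CSV that
#   wp plugin list --fields=name,status,version --format=csv
# prints, reports one finding per line, and fails if anything was found.
# ALLOWLIST is a space-separated list of plugin slugs you expect on the site.
audit_plugins() {
  allowed="$1"
  findings=0
  while IFS=, read -r name status version; do
    [ "$name" = "name" ] && continue                 # skip the CSV header
    if [ "$name" = "$PLUGIN_SLUG" ] && version_lt "$version" "$FIXED_VERSION"; then
      echo "VULNERABLE: $name $version is below $FIXED_VERSION (CVE-2024-10542, CVE-2024-10781); update now"
      findings=$((findings + 1))
    fi
    case " $allowed " in
      *" $name "*) ;;                                # expected plugin, nothing to report
      *) echo "UNEXPECTED: $name ($status, $version) is not on the allowlist; check who installed it"
         findings=$((findings + 1)) ;;
    esac
  done
  [ "$findings" -eq 0 ]
}

# Constructed sample standing in for the real wp-cli output on a site.
SAMPLE_CSV='name,status,version
cleantalk-spam-protect,active,6.43.2
akismet,inactive,5.3
wp-file-manager,active,7.2.1'
ALLOWLIST="cleantalk-spam-protect akismet"        # what the site owner expects

# On a live site: wp plugin list --fields=name,status,version --format=csv | audit_plugins "$ALLOWLIST"
if printf '%s\n' "$SAMPLE_CSV" | audit_plugins "$ALLOWLIST"; then
  echo "No findings"
fi
```

Run it on a schedule and alert on a non-zero exit; a plugin appearing that nobody on the team installed is exactly the trace the attacks described above would leave.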
Broader Security Concerns
This news comes as another warning for WordPress users. Sucuri recently flagged multiple hacking campaigns targeting WordPress sites. Hackers are using compromised sites to:
- Redirect visitors to scam pages.
- Steal admin passwords.
- Inject malicious code into websites.
Final Reminder
Cybersecurity experts strongly recommend all website owners keep their plugins and themes updated to the latest versions. This simple step can protect your site from serious risks and keep your visitors safe.