← Back

CVE-2024-13365

nvd nist
Published: Feb 12, 2025Modified: Feb 25, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: security@wordfence.com (Secondary)

Description

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive() function in all versions up to, and including, 2.149. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Affected (1)

Cleantalk
1 product
Security & Malware Scan
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Security & Malware Scan
Before 2.150

Related CWEs

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

Source: security@wordfence.com
Patch
Source: security@wordfence.com
Third Party Advisory

Timeline

No history available yet.