Vulnerability Details CVE-2021-24295
It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected via the User-Agent Header by manipulating the cookies set by the Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.153.4, sending an initial request to obtain a ct_sfw_pass_key cookie and then manually setting a separate ct_sfw_passed cookie and disallowing it from being reset.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://wpscan.com/vulnerability/152171fc-888c-4275-a118-5a1e664ef28b
- https://www.wordfence.com/blog/2021/05/sql-injection-vulnerability-patched-in-cleantalk-antispam-plugin/
- https://wpscan.com/vulnerability/152171fc-888c-4275-a118-5a1e664ef28b
- https://www.wordfence.com/blog/2021/05/sql-injection-vulnerability-patched-in-cleantalk-antispam-plugin/
Products affected by CVE-2021-24295
-
_antispam
-
_firewall:-
-
_firewall:2.19
-
_firewall:2.21
-
_firewall:2.23
-
_firewall:2.25
-
_firewall:2.27
-
_firewall:2.28
-
_firewall:2.30
-
_firewall:2.31
-
_firewall:2.32
-
_firewall:2.33
-
_firewall:2.34
-
_firewall:2.35
-
_firewall:2.36
-
_firewall:2.38
-
_firewall:2.4.10
-
_firewall:2.4.11
-
_firewall:2.4.12
-
_firewall:2.4.13
-
_firewall:2.4.14
-
_firewall:2.4.15
-
_firewall:2.4.17
-
_firewall:2.4.9
-
_firewall:2.40
-
_firewall:2.41
-
_firewall:2.42
-
_firewall:2.44
-
_firewall:2.45
-
_firewall:2.46
-
_firewall:2.48
-
_firewall:2.49
-
_firewall:2.5.18
-
_firewall:2.50
-
_firewall:2.51
-
_firewall:2.52
-
_firewall:2.53
-
_firewall:2.54
-
_firewall:2.55
-
_firewall:2.56
-
_firewall:2.57
-
_firewall:2.58
-
_firewall:2.59
-
_firewall:3.1
-
_firewall:3.2
-
_firewall:3.4
-
_firewall:3.6
-
_firewall:3.8
-
_firewall:3.9
-
_firewall:4.0
-
_firewall:4.1
-
_firewall:4.10
-
_firewall:4.11
-
_firewall:4.12
-
_firewall:4.13
-
_firewall:4.14
-
_firewall:4.15
-
_firewall:4.16
-
_firewall:4.17
-
_firewall:4.18
-
_firewall:4.19
-
_firewall:4.2
-
_firewall:4.20
-
_firewall:4.21
-
_firewall:4.22
-
_firewall:4.24
-
_firewall:4.24-j
-
_firewall:4.24.1
-
_firewall:4.4
-
_firewall:4.5
-
_firewall:4.6
-
_firewall:4.7
-
_firewall:4.8
-
_firewall:4.9
-
_firewall:5.0
-
_firewall:5.1
-
_firewall:5.10
-
_firewall:5.100
-
_firewall:5.101
-
_firewall:5.102
-
_firewall:5.103
-
_firewall:5.103.1
-
_firewall:5.104
-
_firewall:5.105
-
_firewall:5.106
-
_firewall:5.107
-
_firewall:5.108
-
_firewall:5.108.1
-
_firewall:5.109
-
_firewall:5.110
-
_firewall:5.111
-
_firewall:5.112
-
_firewall:5.113
-
_firewall:5.113.1
-
_firewall:5.113.2
-
_firewall:5.114
-
_firewall:5.115
-
_firewall:5.115.1
-
_firewall:5.115.2
-
_firewall:5.116
-
_firewall:5.116.1
-
_firewall:5.116.2
-
_firewall:5.116.3
-
_firewall:5.117
-
_firewall:5.117.1
-
_firewall:5.118
-
_firewall:5.118.1
-
_firewall:5.118.2
-
_firewall:5.118.3
-
_firewall:5.118.4
-
_firewall:5.119
-
_firewall:5.119.1
-
_firewall:5.12
-
_firewall:5.120
-
_firewall:5.120.1
-
_firewall:5.120.2
-
_firewall:5.121
-
_firewall:5.122
-
_firewall:5.123
-
_firewall:5.124
-
_firewall:5.124.1
-
_firewall:5.125
-
_firewall:5.126
-
_firewall:5.127
-
_firewall:5.127.1
-
_firewall:5.127.2
-
_firewall:5.127.3
-
_firewall:5.127.4
-
_firewall:5.128
-
_firewall:5.128.1
-
_firewall:5.129
-
_firewall:5.129.1
-
_firewall:5.13
-
_firewall:5.130
-
_firewall:5.14
-
_firewall:5.15
-
_firewall:5.153.1
-
_firewall:5.153.2
-
_firewall:5.153.3
-
_firewall:5.16
-
_firewall:5.17
-
_firewall:5.18
-
_firewall:5.19
-
_firewall:5.2
-
_firewall:5.20
-
_firewall:5.21
-
_firewall:5.22
-
_firewall:5.23
-
_firewall:5.24
-
_firewall:5.24.1
-
_firewall:5.25.1
-
_firewall:5.25.2
-
_firewall:5.26
-
_firewall:5.27
-
_firewall:5.28
-
_firewall:5.28.7
-
_firewall:5.29
-
_firewall:5.3
-
_firewall:5.30
-
_firewall:5.31
-
_firewall:5.31.1
-
_firewall:5.32
-
_firewall:5.33
-
_firewall:5.33.1
-
_firewall:5.34
-
_firewall:5.34.1
-
_firewall:5.35
-
_firewall:5.36
-
_firewall:5.36.1
-
_firewall:5.37.3
-
_firewall:5.38.1
-
_firewall:5.39.1
-
_firewall:5.4
-
_firewall:5.40
-
_firewall:5.40.1
-
_firewall:5.40.2
-
_firewall:5.40.3
-
_firewall:5.41
-
_firewall:5.42
-
_firewall:5.43
-
_firewall:5.43.1
-
_firewall:5.43.2
-
_firewall:5.44.1
-
_firewall:5.45
-
_firewall:5.45.1
-
_firewall:5.45.2
-
_firewall:5.46
-
_firewall:5.47
-
_firewall:5.48
-
_firewall:5.49
-
_firewall:5.49.1
-
_firewall:5.49.2
-
_firewall:5.50
-
_firewall:5.50.1
-
_firewall:5.51
-
_firewall:5.52.1
-
_firewall:5.53
-
_firewall:5.53.1
-
_firewall:5.54
-
_firewall:5.55
-
_firewall:5.56
-
_firewall:5.56.1
-
_firewall:5.57
-
_firewall:5.57.1
-
_firewall:5.58
-
_firewall:5.58.1
-
_firewall:5.58.2
-
_firewall:5.58.3
-
_firewall:5.58.4
-
_firewall:5.58.5
-
_firewall:5.58.6
-
_firewall:5.59
-
_firewall:5.6
-
_firewall:5.60
-
_firewall:5.60.1
-
_firewall:5.61
-
_firewall:5.62
-
_firewall:5.63
-
_firewall:5.64
-
_firewall:5.65
-
_firewall:5.66
-
_firewall:5.67
-
_firewall:5.67.1
-
_firewall:5.67.2
-
_firewall:5.67.3
-
_firewall:5.68
-
_firewall:5.69
-
_firewall:5.7
-
_firewall:5.70
-
_firewall:5.70.1
-
_firewall:5.70.2
-
_firewall:5.71
-
_firewall:5.72
-
_firewall:5.73
-
_firewall:5.74
-
_firewall:5.74.1
-
_firewall:5.74.2
-
_firewall:5.75
-
_firewall:5.76
-
_firewall:5.77
-
_firewall:5.78
-
_firewall:5.79
-
_firewall:5.8
-
_firewall:5.80
-
_firewall:5.81
-
_firewall:5.82
-
_firewall:5.82.1
-
_firewall:5.83
-
_firewall:5.83.1
-
_firewall:5.83.2
-
_firewall:5.84
-
_firewall:5.85
-
_firewall:5.86
-
_firewall:5.87
-
_firewall:5.88
-
_firewall:5.89
-
_firewall:5.9
-
_firewall:5.90
-
_firewall:5.91
-
_firewall:5.92
-
_firewall:5.92.1
-
_firewall:5.92.2
-
_firewall:5.93
-
_firewall:5.93.1
-
_firewall:5.94
-
_firewall:5.95
-
_firewall:5.95.1
-
_firewall:5.96
-
_firewall:5.97
-
_firewall:5.98
-
_firewall:5.99
-
_firewall:5.99.1
-
cpe:2.3:a:cleantalk:spam_protection