CVE-2024-10570 HIGH

CVE-2024-10570: Security & Malware scan by CleanTalk <= 2.145 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated SQL Injection

Vendor Cleantalk
Product Login Security, FireWall, Malware removal by CleanTalk
Weakness CWE-89 · SQLi
Published November 26, 2024
Last update April 8, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 2.145, as well as insufficient input sanitization and validation. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Key dates

02Disclosure timeline

November 26, 2024 CVE published
April 8, 2026 Record updated