Two critical vulnerabilities in the popular WordPress plugin "Spam Protection, Anti-Spam, and FireWall" have been identified, potentially affecting more than 200,000 sites. These flaws could allow attackers to install and activate malicious plugins, leading to remote code execution.

CVE-2024-10542 and CVE-2024-10781

Both vulnerabilities hold a CVSS severity score of 9.8, indicating their critical nature.

Affected Versions

The issues have been resolved in the recent updates (versions 6.44 and 6.45).

Authorization Bypass

Both flaws stem from an authorization bypass, enabling unauthorized plugin installations.

CVE-2024-10781: Involves a missing empty-value check on the 'api_key' in the 'perform' function, as explained by security researcher István Márton.

CVE-2024-10542: Relates to reverse DNS spoofing affecting the checkWithoutToken() function.
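To show the two defensive checks whose absence the article describes, here is an added illustration (not the plugin's code, and not the vendor's fix): rejecting an empty API key before comparison, and forward-confirming a reverse-DNS name rather than trusting the PTR record alone. All keys, hostnames, IPs and DNS data below are constructed, and the resolver functions are injected so the script runs offline.

```python
import hmac
import ipaddress
from typing import Callable, Iterable, Optional

# Constructed illustration values, not taken from the plugin.
TRUSTED_API_KEY = "example-key-0123456789abcdef"
TRUSTED_RDNS_SUFFIX = ".example-antispam.invalid"

def api_key_is_valid(presented: Optional[str], expected: str = TRUSTED_API_KEY) -> bool:
    """Reject a missing or empty key first, then compare in constant time.
    Without the empty check, an unset stored key and an empty presented
    key compare as equal, which is the bug class described for CVE-2024-10781."""
    if not presented or not expected:
        return False
    return hmac.compare_digest(presented.encode(), expected.encode())

def forward_confirmed_rdns(client_ip: str, suffix: str,
                           reverse_lookup: Callable[[str], Optional[str]],
                           forward_lookup: Callable[[str], Iterable[str]]) -> bool:
    """Forward-confirmed reverse DNS: the PTR name must end in the trusted
    suffix AND resolve back to the same client IP. The PTR record belongs
    to whoever controls the client IP's reverse zone, so checking the name
    alone is what reverse-DNS spoofing abuses."""
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    ptr = reverse_lookup(str(ip))
    if not ptr or not ptr.lower().rstrip(".").endswith(suffix):
        return False
    return any(ipaddress.ip_address(a) == ip for a in forward_lookup(ptr))

# Constructed DNS data: one genuine host and one client whose reverse zone
# returns the same name without a matching forward record.
PTR = {"203.0.113.10": "scanner1.example-antispam.invalid",
       "198.51.100.7": "scanner1.example-antispam.invalid"}
A = {"scanner1.example-antispam.invalid": ["203.0.113.10"]}

def demo() -> dict:
    rev = lambda ip: PTR.get(ip)
    fwd = lambda name: A.get(name.rstrip("."), [])
    return {
        "empty_key": api_key_is_valid("", ""),
        "good_key": api_key_is_valid(TRUSTED_API_KEY),
        "genuine_ip": forward_confirmed_rdns("203.0.113.10", TRUSTED_RDNS_SUFFIX, rev, fwd),
        "spoofed_ptr": forward_confirmed_rdns("198.51.100.7", TRUSTED_RDNS_SUFFIX, rev, fwd),
    }

if __name__ == "__main__":
    print(demo())
```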

Impact and Recommendations

Successful exploitation allows attackers to manipulate plugin installations and potentially execute harmful scripts. To mitigate these risks, users are strongly advised to update their plugins to the latest secure versions immediately.

Wider Context

Sucuri reports ongoing campaigns exploiting compromised WordPress sites. These threats aim to redirect visitors through malicious ads, steal login credentials, and execute unauthorized PHP code. For continued updates on cybersecurity threats, follow Vault33 on our social platforms.
