Vulnerabilites related to Unknown - Security & Malware scan by CleanTalk
cve-2023-5239
Vulnerability from cvelistv5
Published
2023-11-27 16:22
Modified
2024-08-02 07:52
Severity ?
Summary
The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection.
References
https://wpscan.com/vulnerability/1d748f91-773b-49d6-8f68-a27d397713c3exploit, vdb-entry, technical-description
Impacted products
Vendor Product Version
Unknown Security & Malware scan by CleanTalk Version: 0   
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:52:08.529Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "exploit",
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/1d748f91-773b-49d6-8f68-a27d397713c3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "product": "Security \u0026 Malware scan by CleanTalk",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "2.121",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Bartlomiej Marek"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Security \u0026 Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-290 Authentication Bypass by Spoofing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-27T16:22:00.577Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/1d748f91-773b-49d6-8f68-a27d397713c3"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Security \u0026 Malware scan by CleanTalk \u003c 2.121 - IP Spoofing",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2023-5239",
    "datePublished": "2023-11-27T16:22:00.577Z",
    "dateReserved": "2023-09-27T17:21:24.474Z",
    "dateUpdated": "2024-08-02T07:52:08.529Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}