
CVE-2021-24295 Scanner
CVE-2021-24295 Scanner - SQL Injection vulnerability in Spam protection, AntiSpam, FireWall by CleanTalk
Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 9 days 1 hour
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
This software is widely used as a WordPress plugin for protecting websites from spam and unwanted content. Developed by CleanTalk, it provides comprehensive protection using various firewall rules and spam filters. The plugin integrates seamlessly with WordPress, offering an easy-to-use interface for website administrators. Its features include comment moderation, form protection, and the ability to combat spam registrations or comments on websites. The plugin is favored by many for its capability to secure websites without affecting the user experience. Constant updates ensure it adapts to the latest threats, making it a reliable choice for website security.
The vulnerability in question is an unauthenticated blind SQL injection in the CleanTalk plugin. This class of vulnerability lets an attacker inject SQL into the queries the plugin builds, potentially leading to unauthorized database access or manipulation. Before version 5.153.4 the plugin was susceptible to this flaw, which could be triggered through manipulated cookies and HTTP headers because user-controlled input was not adequately sanitized before being placed in a query. The injection point is the User-Agent header, which underscores the severity of the issue: any client can set that header. Vulnerabilities of this kind are critical because they can lead to data breaches and unauthorized database access.
The technical details of the vulnerability involve improper sanitization in the update_log function, which resides in the firewall component of the plugin and processes incoming requests. By manipulating the ct_sfw_pass_key cookie and introducing a ct_sfw_passed cookie, an attacker could steer a request down the code path that reaches this function and bypass the plugin's own checks. The SQL injection itself occurs through the User-Agent HTTP header. No authentication is required, so traditional access controls do not stand in the way. Oversights of this kind are particularly damaging because they give direct access to the database without any validation of the input.
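A triage check an asset owner could run over web server logs while patching, added here as an example and not part of the scanner or the plugin: it flags requests whose User-Agent carries SQL-injection indicators and raises the severity when the request also presents the ct_sfw_passed or ct_sfw_pass_key cookies named above. The log layout, the sample lines and the indicator list are all assumptions constructed for the example.

```python
import re
from typing import Dict, List, Optional, Set

# Constructed sample lines, not real traffic. The layout is an assumed custom
# access-log format that records the User-Agent and Cookie headers; the default
# Apache/nginx "combined" format logs the User-Agent but not cookies.
SAMPLE_LOG = r'''
203.0.113.5 "GET / HTTP/1.1" ua="Mozilla/5.0 (X11; Linux x86_64) Firefox/88.0" cookie="ct_sfw_pass_key=abc123"
203.0.113.7 "GET / HTTP/1.1" ua="Mozilla/5.0' AND SLEEP(5) AND 'a'='a" cookie="ct_sfw_passed=1; ct_sfw_pass_key=x"
198.51.100.9 "GET /wp-login.php HTTP/1.1" ua="Mozilla/5.0 (Windows NT 10.0)" cookie="ct_sfw_passed=1"
198.51.100.12 "GET /?p=1 HTTP/1.1" ua="scanner/1.0 UNION SELECT 1" cookie=""
'''.strip().splitlines()

LINE_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<request>[^"]*)" ua="(?P<ua>[^"]*)" cookie="(?P<cookie>[^"]*)"$'
)

# Generic indicators of SQL syntax in a free-text header: quote, comment markers,
# time-based probes and UNION SELECT. Heuristics for triage, not proof of exploitation.
SQLI_RE = re.compile(
    r"'|--|/\*|\bsleep\s*\(|\bbenchmark\s*\(|\bunion\s+select\b",
    re.IGNORECASE,
)

# Cookies the page names as part of the path into the firewall's update_log function.
SFW_COOKIES = {"ct_sfw_passed", "ct_sfw_pass_key"}


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one log line into its fields, or None if it does not match the layout."""
    match = LINE_RE.match(line)
    return match.groupdict() if match else None


def cookie_names(cookie_header: str) -> Set[str]:
    """Return the set of cookie names present in a Cookie header value."""
    return {part.split("=", 1)[0].strip() for part in cookie_header.split(";") if part.strip()}


def triage(lines: List[str]) -> List[Dict[str, object]]:
    """Flag requests with SQL indicators in the User-Agent; escalate if CleanTalk SFW cookies are set."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        fields = parse_line(line)
        if fields is None or not SQLI_RE.search(fields["ua"]):
            continue
        sfw = sorted(cookie_names(fields["cookie"]) & SFW_COOKIES)
        findings.append({
            "ip": fields["ip"],
            "ua": fields["ua"],
            "sfw_cookies": sfw,
            "severity": "high" if sfw else "medium",
        })
    return findings
```

Point it at your own log format by adjusting LINE_RE; the sample layout exists only so the example runs offline.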
Exploitation of this vulnerability could have severe consequences. An attacker might gain unauthorized access to sensitive information stored in the WordPress database, including user credentials, leading to data theft or unauthorized data manipulation. Arbitrary SQL execution could also degrade database integrity or availability. Chained with other vulnerabilities, it could facilitate privilege escalation. Such an attack could compromise the entire website, leading to downtime, data loss, and reputational damage for the website owner.