The vulnerability identified by Wordfence researchers relates to reverse DNS spoofing. This technique makes the plugin think that malicious requests are coming from the site itself, allowing it to bypass security checks and gain unauthorized access.
The issue is present in all versions of the CleanTalk Anti-Spam plugin up to version 6.43.2. Attackers can use this flaw to install optional add-ons, including viruses.
Wordfence recommends users update to version 6.44 or higher to protect their sites.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
