The developers of the CleanTalk’s anti-spam plugin for WordPress have released a new version 6.45 to address 2 critical remote code execution flaws (CVE-2024-10542, CVE-2024-10781) those may impact as many as 200,000 websites. Both flaws could allow remote, unauthenticated attackers to install and activate arbitrary plugins, including vulnerable plugins that could be exploited for remote code execution.

The vulnerability appeared in 6.44, released on November 01, 2024.

Source: securityweek.com