How severe is CVE-2024-10781?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2024-10781?

This is classified as CWE-703, which is a common weakness in software security.

CVE-2024-10781 - HIGH Severity | CVSS 8.1

Vulnerability Description

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the 'api_key' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.

Related Vulnerabilities

CVE-2018-12551

HIGH

CVSS:8.1(High)

When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means ...

CWE-7032018

CVE-2024-21525

HIGH

CVSS:8.3(High)

All versions of the package node-twain are vulnerable to Improper Check or Handling of Exceptional Conditions due to the length of the source data not being checked. Creating a new twain.TwainSDK with...

CWE-7032024

CVE-2018-5463

HIGH

CVSS:7.8(High)

A structured exception handler overflow vulnerability in Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA 4.1.0.3391 and earlier may allow code execution.

CWE-7032018

CVE-2019-11245

HIGH

CVSS:7.8(High)

In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If...

CWE-7032019

CVE-2022-0016

HIGH

CVSS:7.8(High)

An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYS...

CWE-7032022

CVE-2022-22265

HIGH

CVSS:7.8(High)

An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.

CWE-7032022