Description
WordPress Plugin Security & Malware scan by CleanTalk is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently interact with all its AJAX actions, which could lead to multiple vulnerabilities - from arbitrary file deletion/download to PHP function injection. WordPress Plugin Security & Malware scan by CleanTalk version 2.50 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.51 or latest
References
Related Vulnerabilities
PrestaShop Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-19126)
WordPress Plugin Smash Balloon Social Post Feed Unspecified Vulnerability (2.4.2)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5610)
WordPress Plugin Ajax BootModal Login Security Bypass (1.4.3)