Description
The WordPress plugin Security & Malware scan by CleanTalk is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently interact with all of the plugin's AJAX actions, which could lead to multiple vulnerabilities, from arbitrary file deletion/download to PHP function injection. Version 2.50 of the plugin is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 2.51 or the latest version.