Description
The WordPress plugin Security & Malware scan by CleanTalk is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and then interact with all of the plugin's AJAX actions, which could lead to multiple vulnerabilities, from arbitrary file deletion or download to PHP function injection. Version 2.50 of the plugin is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 2.51 or the latest available version.