A WordPress anti-spam plugin has been found to have two critical vulnerabilities, affecting over 200,000 active installations. The vulnerabilities in the anti-spam plugin, CleanTalk, could allow attackers to execute arbitrary code remotely without authentication. Attackers could install and activate arbitrary plugins. The flaw was resolved in early November but the patched version of the plugin is still vulnerable to a similar type of attack. WordPress data indicates that around half of CleanTalk’s installations are still exposed to exploitation attempts. 

Read more: https://www.securityweek.com/critical-vulnerabilities-found-in-anti-spam-plugin-used-by-200000-wordpress-sites/