20 matches found
WordPress Spam Protect for Contact Form 7 plugin < 1.2.10 - Editor+ Remote Code Execution vulnerability
Editor+ Remote Code Execution vulnerability discovered by Chiao-Lin Yu Steven Meow in WordPress Plugin Spam Protect for Contact Form 7 versions 1.2.10...
EUVD-2026-18128
The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, which could allow an attacker with editor access to achieve Remote Code Execution by using a crafted header...
CVE-2026-1540
The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, which could allow an attacker with editor access to achieve Remote Code Execution by using a crafted header...
CVE-2026-1540
The CVE-2026-1540 entry concerns the WordPress plugin Spam Protect for Contact Form 7. Versions before 1.2.10 are affected. Vulnerability: Logging data to a PHP file creates a potential Remote Code Execution (RCE) path when an attacker with editor access can craft headers to trigger code executio...
CVE-2026-1540
The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, which could allow an attacker with editor access to achieve Remote Code Execution by using a crafted header...
PT-2026-29683
CVE-2026-1540 The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, which could allow an attacker with editor access to achieve Remote Code… https://t.co/IMmhcpMAZ9...
CVE-2026-32496
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in NYSL Spam Protect for Contact Form 7 wp-contact-form-7-spam-blocker allows Path Traversal.This issue affects Spam Protect for Contact Form 7: from n/a through = 1.2.9...
EUVD-2026-15841
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in NYSL Spam Protect for Contact Form 7 wp-contact-form-7-spam-blocker allows Path Traversal.This issue affects Spam Protect for Contact Form 7: from n/a through = 1.2.9...
CVE-2026-32496
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in NYSL Spam Protect for Contact Form 7 wp-contact-form-7-spam-blocker allows Path Traversal.This issue affects Spam Protect for Contact Form 7: from n/a through = 1.2.9...
CVE-2026-32496
CVE-2026-32496 is a path traversal vulnerability in the WordPress plugin Spam Protect for Contact Form 7 (wp-contact-form-7-spam-blocker). Affected: Spam Protect for Contact Form 7
CVE-2026-32496 WordPress Spam Protect for Contact Form 7 plugin <= 1.2.9 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in NYSL Spam Protect for Contact Form 7 wp-contact-form-7-spam-blocker allows Path Traversal.This issue affects Spam Protect for Contact Form 7: from n/a through = 1.2.9...
CVE-2026-32496 WordPress Spam Protect for Contact Form 7 plugin <= 1.2.9 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in NYSL Spam Protect for Contact Form 7 wp-contact-form-7-spam-blocker allows Path Traversal.This issue affects Spam Protect for Contact Form 7: from n/a through = 1.2.9...
PT-2026-28010
Name of the Vulnerable Software and Affected Versions NYSL Spam Protect for Contact Form 7 versions through 1.2.9 Description The software contains a flaw related to improper limitation of a pathname to a restricted directory, also known as Path Traversal. This allows an attacker to potentially...
WordPress plugin Spam Protect for Contact Form 路径遍历漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
WordPress Spam Protect for Contact Form 7 plugin <= 1.2.9 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by Andrea Bocchetti in WordPress Plugin Spam Protect for Contact Form 7 versions = 1.2.9...
CVE-2023-33996
Missing Authorization vulnerability in CleanTalk Inc Spam protection, AntiSpam, FireWall by CleanTalk cleantalk-spam-protect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spam protection, AntiSpam, FireWall by CleanTalk: from n/a through = 6.10...
Malicious code in cleantalk-spam-protect (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-1987 Malicious code in cleantalk-spam-protect (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2019-17515
The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting XSS. The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and...
CVE-2019-17515
CVE-2019-17515 involves the WordPress plugin CleanTalk Spam Protect (AntiSpam/Firewall) prior to version 5.127.4. The vulnerability is a reflected Cross-Site Scripting (XSS) in the plugin’s code paths inc/cleantalk-users.php and inc/cleantalk-comments.php. The attack vector states that when an ad...