WordPress Spam Protect for Contact Form 7 plugin < 1.2.10 - Editor+ Remote Code Execution vulnerability

Editor+ Remote Code Execution vulnerability discovered by Chiao-Lin Yu Steven Meow in WordPress Plugin Spam Protect for Contact Form 7 versions 1.2.10...

EUVD-2026-18128

The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, which could allow an attacker with editor access to achieve Remote Code Execution by using a crafted header...

CVE-2026-1540

The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, which could allow an attacker with editor access to achieve Remote Code Execution by using a crafted header...

CVE-2026-1540

The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, which could allow an attacker with editor access to achieve Remote Code Execution by using a crafted header...

CVE-2026-1540

The CVE concerns the Spam Protect for Contact Form 7 WordPress plugin prior to version 1.2.10. The vulnerability permits logging to a PHP file, which could enable Remote Code Execution if an attacker gains editor access and sends a crafted header. Affected product: Spam Protect for Contact Form 7...

PT-2026-29683

CVE-2026-1540 The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, which could allow an attacker with editor access to achieve Remote Code… https://t.co/IMmhcpMAZ9...

CVE-2026-32496

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in NYSL Spam Protect for Contact Form 7 wp-contact-form-7-spam-blocker allows Path Traversal.This issue affects Spam Protect for Contact Form 7: from n/a through = 1.2.9...

EUVD-2026-15841

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in NYSL Spam Protect for Contact Form 7 wp-contact-form-7-spam-blocker allows Path Traversal.This issue affects Spam Protect for Contact Form 7: from n/a through = 1.2.9...

CVE-2026-32496

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in NYSL Spam Protect for Contact Form 7 wp-contact-form-7-spam-blocker allows Path Traversal.This issue affects Spam Protect for Contact Form 7: from n/a through = 1.2.9...

CVE-2026-32496

CVE-2026-32496 is a path traversal vulnerability in the WordPress plugin Spam Protect for Contact Form 7 (wp-contact-form-7-spam-blocker). Affected: Spam Protect for Contact Form 7

CVE-2026-32496 WordPress Spam Protect for Contact Form 7 plugin <= 1.2.9 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in NYSL Spam Protect for Contact Form 7 wp-contact-form-7-spam-blocker allows Path Traversal.This issue affects Spam Protect for Contact Form 7: from n/a through = 1.2.9...

CVE-2026-32496 WordPress Spam Protect for Contact Form 7 plugin <= 1.2.9 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in NYSL Spam Protect for Contact Form 7 wp-contact-form-7-spam-blocker allows Path Traversal.This issue affects Spam Protect for Contact Form 7: from n/a through = 1.2.9...

WordPress plugin Spam Protect for Contact Form 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

PT-2026-28010

Name of the Vulnerable Software and Affected Versions NYSL Spam Protect for Contact Form 7 versions through 1.2.9 Description The software contains a flaw related to improper limitation of a pathname to a restricted directory, also known as Path Traversal. This allows an attacker to potentially...

WordPress Spam Protect for Contact Form 7 plugin <= 1.2.9 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Andrea Bocchetti in WordPress Plugin Spam Protect for Contact Form 7 versions = 1.2.9...

CVE-2023-33996

Missing Authorization vulnerability in CleanTalk Inc Spam protection, AntiSpam, FireWall by CleanTalk cleantalk-spam-protect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spam protection, AntiSpam, FireWall by CleanTalk: from n/a through = 6.10...

Malicious code in cleantalk-spam-protect (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-1987 Malicious code in cleantalk-spam-protect (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2019-17515

The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting XSS. The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and...

CVE-2019-17515

CVE-2019-17515 involves the WordPress plugin CleanTalk Spam Protect (AntiSpam/Firewall) prior to version 5.127.4. The vulnerability is a reflected Cross-Site Scripting (XSS) in the plugin’s code paths inc/cleantalk-users.php and inc/cleantalk-comments.php. The attack vector states that when an ad...