WordPress Stop Spammers plugin <= 2026.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peleg Nagli ultrared.ai in WordPress Plugin Stop Spammers versions = 2026.3...

CVE-2025-14795

The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ssaddtoallowlist class. This makes it possible for unauthenticated attackers to add arbitrary email addresses to...

CVE-2025-14795

The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ssaddtoallowlist class. This makes it possible for unauthenticated attackers to add arbitrary email addresses to...

CVE-2025-14795

The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ssaddtoallowlist class. This makes it possible for unauthenticated attackers to add arbitrary email addresses to...

CVE-2025-14795 Stop Spammers Classic <= 2026.1 - Cross-Site Request Forgery via Email Allowlist

The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ssaddtoallowlist class. This makes it possible for unauthenticated attackers to add arbitrary email addresses to...

CVE-2025-14795

CVE-2025-14795 affects the Stop Spammers Classic WordPress plugin. It is a CSRF vulnerability caused by missing nonce validation in the ss_addtoallowlist class, enabling unauthenticated attackers to add email addresses to the spam allowlist via forged requests, if a site admin is tricked into cli...

WordPress Stop Spammers Classic plugin <= 2026.1 - Cross-Site Request Forgery via Email Allowlist vulnerability

Cross-Site Request Forgery via Email Allowlist vulnerability discovered by JoanClarke2 in WordPress Plugin Stop Spammers versions = 2026.1...

WordPress plugin Stop Spammers Classic has a cross-site request forgeing vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-5122

The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ss addtoallowlist class. This makes it possible for unauthenticated attackers to add arbitrary email addresses to...

EUVD-2021-11429

Malware in sbrugna...

EUVD-2023-59252

Malicious code in bioql PyPI...

WordPress Stop Spammers plugin <= 2024.7 - Cross-Site Request Forgery to Multiple Administrative Actions vulnerability

Cross-Site Request Forgery to Multiple Administrative Actions vulnerability discovered by Noah Stead TurtleBurg in WordPress Plugin Stop Spammers versions = 2024.7...

CVE-2023-2488

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as ad...

CVE-2023-2489

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2022-4120

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6 passes base64 encoded user input to the unserialize PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadge...

CVE-2021-24245

The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests such as matching a spam word, outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue...

CVE-2021-24517

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2021.18 does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them even when the unfilteredhtml capability is disallowed...

WordPress Stop Spammers Security plugin <= 2024.4 - Cross-Site Request Forgery (CSRF) via sfs_process vulnerability

Cross-Site Request Forgery CSRF via sfsprocess vulnerability discovered by Lucio Sá in WordPress Plugin Stop Spammers versions = 2024.4...

WordPress Stop Spammers Plugin <= 2024.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Stop Spammers Type Plugin Vulnerable versions = 2024.4 Fixed in 2024.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-7065 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 314cb001df78 Credits Lucio Sá Required...

CVE-2023-7065

The Stop Spammers Security | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.4. This is due to missing or incorrect nonce validation on the sfsprocess AJAX action. This makes it possible for...