70 matches found
CVE-2026-48876
Unauthenticated Cross Site Scripting XSS in Stop Spammers = 2026.3 versions...
CVE-2026-48876 WordPress Stop Spammers plugin <= 2026.3 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Stop Spammers = 2026.3 versions...
CVE-2026-48876
CVE-2026-48876 is an unauthenticated XSS in the WordPress Stop Spammers plugin (versions
EUVD-2026-36853
Unauthenticated Cross Site Scripting XSS in Stop Spammers = 2026.3 versions...
PT-2026-49483
Unauthenticated Cross Site Scripting XSS in Stop Spammers = 2026.3 versions...
WordPress Stop Spammers plugin <= 2026.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Peleg Nagli ultrared.ai in WordPress Plugin Stop Spammers versions = 2026.3...
CVE-2025-14795
The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ssaddtoallowlist class. This makes it possible for unauthenticated attackers to add arbitrary email addresses to...
CVE-2025-14795
The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ssaddtoallowlist class. This makes it possible for unauthenticated attackers to add arbitrary email addresses to...
CVE-2025-14795 Stop Spammers Classic <= 2026.1 - Cross-Site Request Forgery via Email Allowlist
The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ssaddtoallowlist class. This makes it possible for unauthenticated attackers to add arbitrary email addresses to...
CVE-2025-14795
The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ssaddtoallowlist class. This makes it possible for unauthenticated attackers to add arbitrary email addresses to...
CVE-2025-14795
CVE-2025-14795 affects the Stop Spammers Classic WordPress plugin. It is a CSRF vulnerability caused by missing nonce validation in the ss_addtoallowlist class, enabling unauthenticated attackers to add email addresses to the spam allowlist via forged requests, if a site admin is tricked into cli...
WordPress Stop Spammers Classic plugin <= 2026.1 - Cross-Site Request Forgery via Email Allowlist vulnerability
Cross-Site Request Forgery via Email Allowlist vulnerability discovered by JoanClarke2 in WordPress Plugin Stop Spammers versions = 2026.1...
WordPress plugin Stop Spammers Classic has a cross-site request forgeing vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-5122
The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ss addtoallowlist class. This makes it possible for unauthenticated attackers to add arbitrary email addresses to...
EUVD-2021-11429
Malware in sbrugna...
EUVD-2023-59252
Malicious code in bioql PyPI...
WordPress Stop Spammers plugin <= 2024.7 - Cross-Site Request Forgery to Multiple Administrative Actions vulnerability
Cross-Site Request Forgery to Multiple Administrative Actions vulnerability discovered by Noah Stead TurtleBurg in WordPress Plugin Stop Spammers versions = 2024.7...
CVE-2023-2488
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as ad...
CVE-2023-2489
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-4120
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6 passes base64 encoded user input to the unserialize PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadge...