Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/01/29 3:19 p.m.14 views

CVE-2025-14795

The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ssaddtoallowlist class. This makes it possible for unauthenticated attackers to add arbitrary email addresses to...

4.3CVSS5.9AI score0.0016EPSS
Exploits0References1
NVD
NVD
added 2026/01/28 2:16 p.m.7 views

CVE-2025-14795

The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ssaddtoallowlist class. This makes it possible for unauthenticated attackers to add arbitrary email addresses to...

4.3CVSS0.0016EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/28 1:26 p.m.4 views

CVE-2025-14795

The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ssaddtoallowlist class. This makes it possible for unauthenticated attackers to add arbitrary email addresses to...

4.3CVSS5.9AI score0.0016EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/28 1:26 p.m.28 views

CVE-2025-14795 Stop Spammers Classic <= 2026.1 - Cross-Site Request Forgery via Email Allowlist

The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ssaddtoallowlist class. This makes it possible for unauthenticated attackers to add arbitrary email addresses to...

4.3CVSS0.0016EPSS
Exploits0References4
CVE
CVE
added 2026/01/28 1:26 p.m.19 views

CVE-2025-14795

CVE-2025-14795 affects the Stop Spammers Classic WordPress plugin. It is a CSRF vulnerability caused by missing nonce validation in the ss_addtoallowlist class, enabling unauthenticated attackers to add email addresses to the spam allowlist via forged requests, if a site admin is tricked into cli...

4.3CVSS5.9AI score0.0016EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/28 1:56 a.m.9 views

WordPress Stop Spammers Classic plugin <= 2026.1 - Cross-Site Request Forgery via Email Allowlist vulnerability

Cross-Site Request Forgery via Email Allowlist vulnerability discovered by JoanClarke2 in WordPress Plugin Stop Spammers versions = 2026.1...

4.3CVSS5.9AI score0.0016EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.7 views

WordPress plugin Stop Spammers Classic has a cross-site request forgeing vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.7AI score0.0016EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.11 views

PT-2026-5122

The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ss addtoallowlist class. This makes it possible for unauthenticated attackers to add arbitrary email addresses to...

4.3CVSS5.9AI score0.0016EPSS
Exploits0References5
Rows per page
Query Builder