68 matches found
CVE-2026-8071
The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user...
CVE-2026-8071 Spam protection, Honeypot, Anti-Spam by CleanTalk < 6.79 - Unauthenticated Stored XSS via Comment Shortcode Bypass
The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user...
CVE-2026-8071 Spam protection, Honeypot, Anti-Spam by CleanTalk < 6.79 - Unauthenticated Stored XSS via Comment Shortcode Bypass
The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user...
CVE-2026-8071
The CVE-2026-8071 entries (NVD, CVE List, EUVD/ENISA, and VulnEnrichment) document a stored XSS vulnerability in the Anti-Spam by CleanTalk WordPress plugin. Affected: the plugin before version 6.79; Root cause: improper sanitization of content inside a custom shortcode used in the plugin’s email...
VulnCheck KEV: CVE-2024-13365
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive function in all versions up to, and including, 2.149. This makes it possib...
CVE-2026-1490
CVE-2026-1490 affects the WordPress plugin Spam protection, Anti-Spam and Firewall by CleanTalk (versions up to 6.71). The vulnerability is an authorization bypass via reverse DNS (PTR) spoofing in the checkWithoutToken function, allowing unauthenticated attackers to install and activate arbitrar...
CVE-2026-1490
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS PTR record spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it...
CVE-2025-13604
The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the page URL in all versions up to, and including, 2.168 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...
EUVD-2025-201880
The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the page URL in all versions up to, and including, 2.168 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...
WordPress Login Security, FireWall, Malware removal by CleanTalk plugin <= 2.168 - Unauthenticated Stored Cross-Site Scripting via Page URL vulnerability
Unauthenticated Stored Cross-Site Scripting via Page URL vulnerability discovered by shark3y in WordPress Plugin Security & Malware scan by CleanTalk versions = 2.168...
CVE-2025-13604 Login Security, FireWall, Malware removal by CleanTalk <= 2.168 - Unauthenticated Stored Cross-Site Scripting via Page URL
The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the page URL in all versions up to, and including, 2.168 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...
CVE-2025-13604
CVE-2025-13604 is a stored XSS in the WordPress plugin “Login Security, FireWall, Malware removal by CleanTalk” (versions ≤ 2.168). The root cause is insufficient input sanitization and output escaping on the page URL, enabling unauthenticated attackers to inject scripts executed when users load ...
PT-2025-49799
Name of the Vulnerable Software and Affected Versions CleanTalk plugin for WordPress versions prior to 2.169 Description The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization an...
EUVD-2020-24140
Malware in sbrugna...
EUVD-2021-11045
Malware in sbrugna...
EUVD-2019-7867
Malware in sbrugna...
EUVD-2023-57566
Malicious code in bioql PyPI...
EUVD-2022-32674
Malicious code in bioql PyPI...
EUVD-2024-51556
Malicious code in bioql PyPI...
EUVD-2022-42692
Malicious code in bioql PyPI...