CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

63 matches found

VulnCheck KEV•added 2026/05/05 12:0 a.m.•6 views

VulnCheck KEV: CVE-2024-13365

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive function in all versions up to, and including, 2.149. This makes it possib...

9.8CVSS8.1AI score0.02736EPSS

In wildExploits0References2

ATTACKERKB•added 2026/02/15 2:22 a.m.•4 views

CVE-2026-1490

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS PTR record spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it...

9.8CVSS6.6AI score0.00048EPSS

Exploits0References5

CVE•added 2026/02/15 2:22 a.m.•24 views

CVE-2026-1490

CVE-2026-1490 affects the WordPress plugin Spam protection, Anti-Spam and Firewall by CleanTalk (versions up to 6.71). The vulnerability is an authorization bypass via reverse DNS (PTR) spoofing in the checkWithoutToken function, allowing unauthenticated attackers to install and activate arbitrar...

9.8CVSS6.6AI score0.00048EPSS

Exploits0References4

RedhatCVE•added 2025/12/10 5:27 a.m.•1 views

CVE-2025-13604

The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the page URL in all versions up to, and including, 2.168 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

7.2CVSS5.2AI score0.00142EPSS

Exploits0References1

EUVD•added 2025/12/09 6:30 p.m.•1 views

EUVD-2025-201880

7.2CVSS4.8AI score0.00142EPSS

Exploits0References3

Patchstack•added 2025/12/09 7:0 a.m.•4 views

WordPress Login Security, FireWall, Malware removal by CleanTalk plugin <= 2.168 - Unauthenticated Stored Cross-Site Scripting via Page URL vulnerability

Unauthenticated Stored Cross-Site Scripting via Page URL vulnerability discovered by shark3y in WordPress Plugin Security & Malware scan by CleanTalk versions = 2.168...

7.2CVSS5.3AI score0.00142EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/12/09 4:36 a.m.•1 views

CVE-2025-13604 Login Security, FireWall, Malware removal by CleanTalk <= 2.168 - Unauthenticated Stored Cross-Site Scripting via Page URL

7.2CVSS4.9AI score0.00142EPSS

Exploits0References2

CVE•added 2025/12/09 4:36 a.m.•9 views

CVE-2025-13604

CVE-2025-13604 is a stored XSS in the WordPress plugin “Login Security, FireWall, Malware removal by CleanTalk” (versions ≤ 2.168). The root cause is insufficient input sanitization and output escaping on the page URL, enabling unauthenticated attackers to inject scripts executed when users load ...

7.2CVSS4.9AI score0.00142EPSS

Exploits0References2

Positive Technologies•added 2025/12/09 12:0 a.m.•1 views

PT-2025-49799

Name of the Vulnerable Software and Affected Versions CleanTalk plugin for WordPress versions prior to 2.169 Description The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization an...

7.2CVSS5.9AI score0.00142EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-7867

Malware in sbrugna...

6.1CVSS6.3AI score0.00332EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-24140

Malware in sbrugna...

8.8CVSS8.6AI score0.00261EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-11045

Malware in sbrugna...

7.2CVSS6.9AI score0.00972EPSS

Exploits2References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-33436