41 matches found

OSV
added 2026/02/25 4:16 a.m. · 3 views

CVE-2026-27743

The SPIP refererspam plugin versions prior to 1.3.0 contain an unauthenticated SQL injection vulnerability in the refererspamajouter and refererspamsupprimer action handlers. The handlers read the url parameter from a GET request and interpolate it directly into SQL LIKE clauses without input...

CVSS 9.8 · AI score 6.1
Exploits 0 · References 5

RedhatCVE
added 2026/02/19 7:28 a.m. · 3 views

CVE-2026-2112

The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce verification on the pending comment deletion action in the cleanup page. This makes it possible for unauthenticated attackers to delete all pendi...

CVSS 4.3 · AI score 5.5 · EPSS 0.00011
Exploits 0 · References 1

NVD
added 2026/02/18 8:16 a.m. · 1 views

CVE-2026-2112

The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce verification on the pending comment deletion action in the cleanup page. This makes it possible for unauthenticated attackers to delete all pendi...

CVSS 4.3 · EPSS 0.00011
Exploits 0 · References 5

CVE
added 2026/02/18 7:25 a.m. · 11 views

CVE-2026-2112

CVE-2026-2112 (Dam Spam WordPress plugin) : The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 1.0.8 due to missing nonce verification on the pending comment deletion action in the cleanup page. This allows unauthenticated attackers to delete all p...

CVSS 4.3 · AI score 5.5 · EPSS 0.00011
Exploits 0 · References 5

Positive Technologies
added 2026/02/18 12:00 a.m. · 3 views

PT-2026-20298

The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce verification on the pending comment deletion action in the cleanup page. This makes it possible for unauthenticated attackers to delete all pendi...

CVSS 4.3 · AI score 5.5 · EPSS 0.00011
Exploits 0 · References 6

RedhatCVE
added 2026/01/09 8:58 a.m. · 5 views

CVE-2023-45759

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Peter Keung Peter’s Custom Anti-Spam plugin = 3.2.2 versions...

CVSS 7.1 · AI score 5.9 · EPSS 0.00193
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2017-11103

Malware in sbrugna...

CVSS 6.1 · AI score 6.3 · EPSS 0.00218
Exploits 1 · References 3

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2023-50048

Malicious code in bioql PyPI...

CVSS 7.1 · AI score 7 · EPSS 0.00193
Exploits 0 · References 1

EUVD
added 2025/10/03 8:07 p.m. · 1 views

EUVD-2023-39904

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 9.1 · EPSS 0.00102
Exploits 0 · References 1

Cvelist
added 2025/06/06 6:42 a.m. · 8 views

CVE-2025-2935 Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms <= 2024.7 - Cross-Site Request Forgery to Multiple Administrative Actions

The Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.7. This is due to missing or incorrect nonce validation in the 'ssoptionmaint.php' and 'ssuserfilterlist' files. This make...

CVSS 5.4 · EPSS 0.00058
Exploits 0 · References 5

Positive Technologies
added 2025/06/06 12:00 a.m. · 2 views

PT-2025-24020 · WordPress · Anti-Spam: Spam Protection | Block Spam Users

Name of the Vulnerable Software and Affected Versions: Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms plugin for WordPress versions up to, and including, 2024.7 Description: The issue is due to missing or incorrect nonce validation in the 'ss option maint.php' and 'ss user filter...

CVSS 5.4 · AI score 5.3 · EPSS 0.00058
Exploits 0 · References 8

CNNVD
added 2025/06/06 12:00 a.m. · 1 views

WordPress plugin Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant cross-site request forgery vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. Cross-site request forgery vulnerability...

CVSS 4.3 · AI score 4.8 · EPSS 0.00084
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 10:41 p.m. · 7 views

CVE-2022-2877

The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly check HTTP headers in order to validate the origin IP address, allowing threat actors to bypass its block feature by spoofing the headers...

CVSS 5.3 · AI score 6.7 · EPSS 0.00251
Exploits 2 · References 1

RedhatCVE
added 2025/05/22 7:20 p.m. · 4 views

CVE-2021-24131

Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, leads to multiple authenticated SQL injection vulnerabilities; however, it requires a high-privilege user (admin+)...

CVSS 7.2 · AI score 7.6 · EPSS 0.00972
Exploits 2 · References 1

RedhatCVE
added 2025/05/22 5:07 a.m. · 7 views

CVE-2017-20096

A vulnerability classified as problematic has been found in WP-SpamFree Anti-Spam Plugin 2.1.1.4. This affects an unknown part. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely...

CVSS 6.1 · AI score 6.2 · EPSS 0.00218
Exploits 1 · References 1

Patchstack
added 2025/03/11 9:41 p.m. · 3 views

WordPress Block Spam By Math Reloaded plugin <= 2.2.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan in WordPress Plugin Block Spam By Math Reloaded versions <= 2.2.4...

CVSS 5.9 · AI score 7.7 · EPSS 0.00074
Exploits 0 · Affected Software 1

CNNVD
added 2025/03/11 12:00 a.m. · 1 views

WordPress plugin Block Spam By Math Reloaded cross-site scripting vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Block...

CVSS 5.9 · AI score 8.2 · EPSS 0.00074
Exploits 0 · References 2

OpenVAS
added 2024/11/27 12:00 a.m. · 22 views

WordPress CleanTalk Plugin < 6.44 Authorization Bypass Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cleantalk:cleantalk-spam-protect"; ifdescription...

CVSS 9.8 · AI score 9.8 · EPSS 0.40965
Exploits 1 · References 2

The Hacker News
added 2024/11/26 1:23 p.m. · 17 views

Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks

Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin for WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-1054...

CVSS 9.8 · AI score 10 · EPSS 0.40965
Exploits 1

Circl
added 2024/11/26 5:36 a.m. · 12 views

CVE-2024-10781

creationtimestamp | type | source
---|---|---
2024-11-26 05:36:16+00:00 | seen | https://infosec.exchange/users/cve/statuses/113547632664236916
2024-11-26 12:23:00+00:00 | seen | https://thehackernews.com/2024/11/critical-wordpress-anti-spam-plugin.html
2024-11-26 13:57:01+00:00 | seen | ...

CVSS 8.1 · AI score 9 · EPSS 0.02512
Exploits 1 · References 5