CVE-2026-8071
Spam protection, Honeypot, Anti-Spam by CleanTalk < 6.79 - Unauthenticated Stored XSS via Comment Shortcode Bypass
The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user (including administrators) views the post.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Unknown · Anti-Spam by CleanTalk. Spam protectionpublic PoCs found — 1
cve_referencewpscan.com/vulnerability/0d4635b5-2d79-4337-a1ad-6b8d02cfd64b/unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →