CVE Catalog

CVE-2026-8071

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.09%

26th percentile - higher than 26% of all known CVEs

Summary

The Anti-Spam by CleanTalk plugin before version 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user, including administrators, views the post.

Risk Assessment

An attacker can exploit this vulnerability to inject malicious code, posing a risk of taking control over user accounts and potentially deleting or altering data within the system.

Recommendation

It is recommended to update the Anti-Spam by CleanTalk plugin to version 6.79 or later to mitigate this vulnerability and to conduct a security audit of approved comments.

Original NVD description (English source)

The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user (including administrators) views the post.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS