CVE-2026-8071
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk26th percentile - higher than 26% of all known CVEs
Summary
The Anti-Spam by CleanTalk plugin before version 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user, including administrators, views the post.
Risk Assessment
An attacker can exploit this vulnerability to inject malicious code, posing a risk of taking control over user accounts and potentially deleting or altering data within the system.
Recommendation
It is recommended to update the Anti-Spam by CleanTalk plugin to version 6.79 or later to mitigate this vulnerability and to conduct a security audit of approved comments.
Original NVD description (English source)
The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user (including administrators) views the post.

