CVE-2026-8071

UNKNOWN 0.0

Spam protection, Honeypot, Anti-Spam by CleanTalk < 6.79 - Unauthenticated Stored XSS via Comment Shortcode Bypass

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user (including administrators) views the post.

Vendor	unknown
Product	anti-spam by cleantalk. spam protection
Published	Jun 10, 2026

Stay Ahead of the Next One

Get instant alerts for unknown anti-spam by cleantalk. spam protection

Be the first to know when new unknown vulnerabilities affecting unknown anti-spam by cleantalk. spam protection are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / Anti-Spam by CleanTalk. Spam protection

0 < 6.79

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/0d4635b5-2d79-4337-a1ad-6b8d02cfd64b/

Credits

Matthew Rollings WPScan