PT-2026-5122 · WordPress · Stop Spammers Classic
Stephanie Walters
·
Publicado
2026-01-28
·
Atualizado
2026-01-28
·
CVE-2025-14795
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Stop Spammers Classic plugin for WordPress versions through 2026.1
Description
The software is susceptible to Cross-Site Request Forgery due to a lack of nonce validation in the ss addtoallowlist class. This allows unauthenticated attackers to add arbitrary email addresses to the spam allowlist by deceiving a site administrator into performing an action, such as clicking a link. The issue was partially addressed in version 2026.1.
Recommendations
Update to a version beyond 2026.1.
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Stop Spammers Classic