PT-2025-49799 · WordPress · Cleantalk
Angus Girvan · Published 2025-12-09 · Updated 2025-12-14 · CVE-2025-13604
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
CleanTalk plugin for WordPress versions prior to 2.169
Description
The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping related to the page URL. This allows unauthenticated attackers to inject arbitrary web scripts into pages. When a user accesses an injected page, the scripts will execute.
Recommendations
Update the CleanTalk plugin to version 2.169 or later.
Fix
XSS
Affected Products
Cleantalk