CVE-2025-14795

Name of the Vulnerable Software and Affected Versions Stop Spammers Classic plugin for WordPress versions through 2026.1

Description The software is susceptible to Cross-Site Request Forgery due to a lack of nonce validation in the ss addtoallowlist class. This allows unauthenticated attackers to add arbitrary email addresses to the spam allowlist by deceiving a site administrator into performing an action, such as clicking a link. The issue was partially addressed in version 2026.1.

Recommendations Update to a version beyond 2026.1.