cleantalk
Vulnerabilities and Security Researches

Stop Spammers Security | Block Spam Users, Comments, Forms, CVE-2025-14795

CVE, Research URL

CVE-2025-14795

Home page URL

Security reports for Stop Spammers Security | Block Spam Users, Comments, Forms

Application

Stop Spammers Security | Block Spam Users, Comments, Forms

Published on
Jan 28, 2026
Research Description
The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ss_addtoallowlist class. This makes it possible for unauthenticated attackers to add arbitrary email addresses to the spam allowlist via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. The vulnerability was partially patched in version 2026.1.
Affected versions
max 2026.2.
Status
vulnerable
Previous vulnerability researches
Recooty – Modern Applicant Tracking System for Growing Companies (CVE-2025-14616) , Feb 27, 2026
New vulnerability
Printful Integration for WooCommerce (CVE-2025-12375) , Feb 27, 2026
PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes (CVE-2026-25322) , Feb 27, 2026
Page Builder Gutenberg Blocks – CoBlocks (CVE-2026-27094) , Feb 27, 2026
ElementsKit Elementor addons (CVE-2026-23693) , Feb 27, 2026
Stop Spammers Security | Block Spam Users, Comments, Forms (CVE-2025-14795) , Feb 27, 2026