cleantalk
Vulnerabilities and Security Researches

Stop Spammers Security | Block Spam Users, Comments, Forms, CVE-2025-14795

CVE, Research URL

CVE-2025-14795

Home page URL

Security reports for Stop Spammers Security | Block Spam Users, Comments, Forms

Application

Stop Spammers Security | Block Spam Users, Comments, Forms

Published on
Jan 28, 2026
Research Description
The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ss_addtoallowlist class. This makes it possible for unauthenticated attackers to add arbitrary email addresses to the spam allowlist via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. The vulnerability was partially patched in version 2026.1.
Affected versions
max 2026.2.
Status
vulnerable
Previous vulnerability researches
Coming Soon Page – Responsive Coming Soon & Maintenance Mode (CVE-2018-5664) , Jun 07, 2024
Coming Soon Page – Responsive Coming Soon & Maintenance Mode (CVE-2018-5660) , Jun 07, 2024
Coming Soon Page – Responsive Coming Soon & Maintenance Mode (CVE-2018-5661) , Jun 07, 2024
Coming Soon Page – Responsive Coming Soon & Maintenance Mode (CVE-2018-5657) , Jun 07, 2024
Coming Soon Page – Responsive Coming Soon & Maintenance Mode (CVE-2018-5658) , Jun 07, 2024
New vulnerability
LeadConnector (CVE-2026-25441) , Feb 27, 2026
NextMove Lite – Thank You Page for WooCommerce (CVE-2025-68048) , Feb 27, 2026
Image Optimizer by Elementor – Compress, Resize and Optimize Images (CVE-2026-25387) , Feb 27, 2026
Printful Integration for WooCommerce (CVE-2025-12375) , Feb 27, 2026
PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes (CVE-2026-25322) , Feb 27, 2026