cleantalk
Vulnerabilities and Security Researches

Security & Malware scan by CleanTalk, CVE-2025-13604

CVE, Research URL

CVE-2025-13604

Home page URL

Security reports for Security & Malware scan by CleanTalk

Application

Security & Malware scan by CleanTalk

Published on
Dec 09, 2025
Research Description
The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the page URL in all versions up to, and including, 2.168 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 2.169.
Status
vulnerable
Previous vulnerability researches
Security & Malware scan by CleanTalk (CVE-2020-36698) , Jun 07, 2024
Security & Malware scan by CleanTalk (CVE-2023-5239) , Jun 07, 2024
Security & Malware scan by CleanTalk (ac157938844d05b91240f478a39a3a6e75833ed4) , Jun 07, 2024
Security & Malware scan by CleanTalk (CVE22) , Jan 17, 2024
Security & Malware scan by CleanTalk , Apr 03, 2026
New vulnerability
Social Post Embed (CVE-2026-6809) , Apr 30, 2026
Timeline Blocks for Gutenberg (CVE-2026-6551) , Apr 29, 2026
WPC Smart Messages for WooCommerce (CVE-2026-6725) , Apr 29, 2026
Check & Log Email (CVE-2026-5306) , Apr 29, 2026
Complianz – GDPR/CCPA Cookie Consent (CVE-2026-4019) , Apr 29, 2026