cleantalk
Vulnerabilities and Security Researches

Stop Spammers Security | Block Spam Users, Comments, Forms, CVE-2023-7065

CVE, Research URL

CVE-2023-7065

Home page URL

Security reports for Stop Spammers Security | Block Spam Users, Comments, Forms

Application

Stop Spammers Security | Block Spam Users, Comments, Forms

Published on
May 04, 2024
Research Description
The Stop Spammers Security | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.4. This is due to missing or incorrect nonce validation on the sfs_process AJAX action. This makes it possible for unauthenticated attackers to add arbitrary IPs to the plugin's allowlist and blocklist via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 2024.5.
Status
vulnerable
Previous vulnerability researches
Stop Spammers Security | Block Spam Users, Comments, Forms (CVE-2023-2488) , Jun 07, 2024
Stop Spammers Security | Block Spam Users, Comments, Forms (CVE-2021-24517) , Jun 07, 2024
Stop Spammers Security | Block Spam Users, Comments, Forms (CVE-2021-24245) , Jun 07, 2024
Stop Spammers Security | Block Spam Users, Comments, Forms (CVE-2023-2489) , Jun 07, 2024
Stop Spammers Security | Block Spam Users, Comments, Forms (CVE-2023-7065) , Jun 07, 2024
New vulnerability
Aruba HiSpeed Cache (CVE-2025-11706) , Feb 27, 2026
Aruba HiSpeed Cache (CVE-2025-11725) , Feb 27, 2026
Aruba HiSpeed Cache (CVE-2026-23694) , Feb 27, 2026
Aruba HiSpeed Cache (CVE-2026-23545) , Feb 27, 2026
Popularis Extra (CVE-2026-25422) , Feb 27, 2026