cleantalk
Vulnerabilities and Security Researches

Stop Spammers Security | Block Spam Users, Comments, Forms, CVE-2025-2935

CVE, Research URL

CVE-2025-2935

Home page URL

Security reports for Stop Spammers Security | Block Spam Users, Comments, Forms

Application

Stop Spammers Security | Block Spam Users, Comments, Forms

Published on
Jun 06, 2025
Research Description
The Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.7. This is due to missing or incorrect nonce validation in the 'ss_option_maint.php' and 'ss_user_filter_list' files. This makes it possible for unauthenticated attackers to delete pending comments, and re-enable a previously blocked user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 2024.7.
Status
vulnerable
Previous vulnerability researches
Stop Spammers Security | Block Spam Users, Comments, Forms (CVE-2023-2488) , Jun 07, 2024
Stop Spammers Security | Block Spam Users, Comments, Forms (CVE-2021-24517) , Jun 07, 2024
Stop Spammers Security | Block Spam Users, Comments, Forms (CVE-2021-24245) , Jun 07, 2024
Stop Spammers Security | Block Spam Users, Comments, Forms (CVE-2023-2489) , Jun 07, 2024
Stop Spammers Security | Block Spam Users, Comments, Forms (CVE-2023-7065) , Jun 07, 2024
New vulnerability
Aruba HiSpeed Cache (CVE-2025-11706) , Feb 27, 2026
Aruba HiSpeed Cache (CVE-2025-11725) , Feb 27, 2026
Aruba HiSpeed Cache (CVE-2026-23694) , Feb 27, 2026
Aruba HiSpeed Cache (CVE-2026-23545) , Feb 27, 2026
Popularis Extra (CVE-2026-25422) , Feb 27, 2026