Spam protection, Honeypot, Anti-Spam by CleanTalk < 6.79

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user (including administrators) views the post.

AI Analysis

Unauthenticated Stored XSS via Comment Shortcode Bypass in Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79

Basic Information

ID CVE-2026-8071

Source WPScan

Published Jun 10, 2026 at 06:00

Modified Jun 10, 2026 at 10:41

Affected Product

Vendor Unknown

Product Anti-Spam by CleanTalk. Spam protection

Affected Versions Unknown Anti-Spam by CleanTalk. Spam protection 0

CWE Classification

CWE-79

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor CleanTalk

Product Anti-Spam by CleanTalk. Spam protection

Version < 6.79

References

wpscan.com /vulnerability/0d4635b5-2d79-4337-a1ad-6b8d02cfd64b/

{
    "lastseen": "",
    "description": "The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user (including administrators) views the post.",
    "published": "2026-06-10T06:00:11.562Z",
    "modified": "2026-06-10T10:41:34.962Z",
    "type": "cve",
    "title": "Spam protection, Honeypot, Anti-Spam by CleanTalk < 6.79 - Unauthenticated Stored XSS via Comment Shortcode Bypass",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/0d4635b5-2d79-4337-a1ad-6b8d02cfd64b/",
    "id": "CVE-2026-8071",
    "bulletinFamily": "",
    "cwe": [
        "",
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Unknown Anti-Spam by CleanTalk. Spam protection 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Anti-Spam by CleanTalk. Spam protection",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "Unauthenticated Stored XSS via Comment Shortcode Bypass in Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79",
    "ai_severity": "High",
    "ai_vendor": "CleanTalk",
    "ai_product": "Anti-Spam by CleanTalk. Spam protection",
    "ai_version": "< 6.79",
    "ai_score": 8.8
}

Spam protection, Honeypot, Anti-Spam by CleanTalk < 6.79 - Unauthenticated Stored XSS via Comment Shortcode Bypass_CVE-2026-8071