CVE-2026-1490 in Spam protection, Anti-Spam, FireWall Plugininformation

Résumé

par MITRE • 15/02/2026

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS (PTR record) spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. Note: This is only exploitable on sites with an invalid API key.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Divulgation

15/02/2026

Modérer

accepté

Entrée

VDB-346104

CPE

prêt

CWE

CWE-639 (confirmé)

CVSS

9.8 (CNA)

EPSS

0.00048

KEV

non

Activités

très faible

Secteur

Police, Lawfirm, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-1490
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-1490
CVE Details	https://www.cvedetails.com/cve/CVE-2026-1490/

◂ Précédent Aperçu Suivant ▸

Might our Artificial Intelligence support you?

Check our Alexa App!