CVE-2026-8071
Description
Anti-Spam by CleanTalk WordPress plugin (before 6.79) suffers from unauthenticated stored XSS via a shortcode, impacting all users viewing comments.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Anti-Spam by CleanTalk WordPress plugin versions prior to 6.79 contain a vulnerability where user-supplied content within a custom shortcode used for email encoding is not properly sanitized. This allows for the injection of arbitrary web scripts into approved comments [1].
Exploitation
An unauthenticated attacker can exploit this vulnerability by injecting malicious scripts into a comment that uses the affected shortcode. These scripts will execute when any user, including administrators, views the post containing the comment [1].
Impact
Successful exploitation allows an attacker to inject arbitrary web scripts into approved comments. These scripts execute in the context of the user viewing the comment, potentially leading to session hijacking, defacement, or other client-side attacks with the privileges of the viewing user [1].
Mitigation
The vulnerability is fixed in version 6.79 of the Anti-Spam by CleanTalk WordPress plugin. Users are advised to update to version 6.79 or later to mitigate this risk [1].
AI Insight generated on Jun 10, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <6.79
- Range: <6.79
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.