Skip to main content

Stop Spammers

6 CVEs product

Monthly

CVE-2026-48876 HIGH This Week

Reflected/stored cross-site scripting in the WordPress plugin Stop Spammers (versions 2026.3 and earlier) allows unauthenticated remote attackers to inject malicious scripts that execute in a victim's browser when they interact with crafted content. The flaw carries a CVSS 3.1 base score of 7.1 due to scope change (S:C), and no public exploit identified at time of analysis, though Patchstack has catalogued the issue in its WordPress vulnerability database.

XSS Stop Spammers
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-2489 MEDIUM POC This Month

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Stop Spammers
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2488 MEDIUM POC This Month

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Stop Spammers
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4120 CRITICAL POC THREAT Act Now

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6 passes base64 encoded user input to the unserialize() PHP function when CAPTCHA are used as second. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Deserialization Stop Spammers
NVD WPScan
CVSS 3.1
9.8
EPSS
18.1%
CVE-2021-24517 MEDIUM POC This Month

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2021.18 does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Stop Spammers
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24245 MEDIUM POC This Month

The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Stop Spammers
NVD WPScan Exploit-DB
CVSS 3.1
6.1
EPSS
5.7%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected/stored cross-site scripting in the WordPress plugin Stop Spammers (versions 2026.3 and earlier) allows unauthenticated remote attackers to inject malicious scripts that execute in a victim's browser when they interact with crafted content. The flaw carries a CVSS 3.1 base score of 7.1 due to scope change (S:C), and no public exploit identified at time of analysis, though Patchstack has catalogued the issue in its WordPress vulnerability database.

XSS Stop Spammers
NVD
EPSS 0% CVSS 4.8
MEDIUM POC This Month

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Stop Spammers
NVD WPScan
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Stop Spammers
NVD WPScan
EPSS 18% CVSS 9.8
CRITICAL POC THREAT Act Now

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6 passes base64 encoded user input to the unserialize() PHP function when CAPTCHA are used as second. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Deserialization +1
NVD WPScan
EPSS 1% CVSS 5.4
MEDIUM POC This Month

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2021.18 does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Stop Spammers
NVD WPScan
EPSS 6% CVSS 6.1
MEDIUM POC This Month

The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Stop Spammers
NVD WPScan Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy