CVE-2026-8071EPSS p19.1%

CVE-2026-8071CVE-2026-8071

Description

The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user (including administrators) views the post.

Scoring

CVSS 8.8 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS0.28% probability of exploitation · percentile 19.1% · 2026-06-19T12:03:05Z
Last modified2026-06-10

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-1490
CVE
CVE-2026-8599
CVE
CVE-2025-1232
CVE
CVE-2026-8981
CVE
CVE-2026-8901
CVE
CVE-2026-10024
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.