
cleantalk — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting cleantalk. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CleanTalk provides anti-spam and bot protection services for websites and applications, primarily targeting comment forms, contact pages, and registration systems. Historically, the application has been susceptible to multiple cross-site scripting (XSS) vulnerabilities, remote code execution (RCE) flaws, and privilege escalation issues, with nine CVEs documented to date. Notable security characteristics include its cloud-based approach and integration with popular CMS platforms. While no major public security incidents have been widely reported, the consistent discovery of vulnerabilities in its codebase suggests ongoing challenges in secure development practices, particularly in input validation and access control mechanisms.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-1490 | Spam protection, Honeypot, Anti-Spam by CleanTalk <= 6.71 - Authorization Bypass via Reverse DNS (PTR record) Spoofing to Unauthenticated Arbitrary Plugin Installation | Spam protection, Honeypot, Anti-Spam by CleanTalk | CWE-350 | 9.8 | Critical | 2026-02-15 |
| CVE-2025-13604 | Login Security, FireWall, Malware removal by CleanTalk <= 2.168 - Unauthenticated Stored Cross-Site Scripting via Page URL | Login Security, FireWall, Malware removal by CleanTalk | CWE-79 | 7.2 | High | 2025-12-09 |
| CVE-2024-13365 | Security & Malware scan by CleanTalk <= 2.149 - Unauthenticated Arbitrary File Upload | Login Security, FireWall, Malware removal by CleanTalk | CWE-434 | 9.8 | Critical | 2025-02-12 |
| CVE-2024-10781 | Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.44 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Arbitrary Plugin Installation | Spam protection, Honeypot, Anti-Spam by CleanTalk | CWE-703 | 8.1 | High | 2024-11-26 |
| CVE-2024-10542 | Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated Arbitrary Plugin Installation | Spam protection, Honeypot, Anti-Spam by CleanTalk | CWE-862 | 9.8 | Critical | 2024-11-26 |
| CVE-2024-10570 | Security & Malware scan by CleanTalk <= 2.145 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated SQL Injection | Login Security, FireWall, Malware removal by CleanTalk | CWE-89 | 7.5 | High | 2024-11-26 |
| CVE-2020-36698 | Security & Malware scan by CleanTalk <= 2.50 - Missing Authorization | Login Security, FireWall, Malware removal by CleanTalk | CWE-862 | 8.8 | High | 2023-10-20 |
| CVE-2022-28222 | CleanTalk AntiSpam <= 5.173 Reflected XSS | CleanTalk AntiSpam | CWE-79 | 6.1 | Medium | 2022-04-19 |
| CVE-2022-28221 | CleanTalk AntiSpam <= 5.173 Reflected XSS | CleanTalk AntiSpam | CWE-79 | 6.1 | Medium | 2022-04-19 |

This page lists every published CVE security advisory associated with cleantalk. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.