VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 8 known issues Latest disclosed Jan 27, 2026

Stop Spammers Classic Vulnerabilities

Review known vulnerability records for the WordPress plugin Stop Spammers Classic (`stop-spammer-registrations-plugin`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-14795, CVE-2025-2935 and CVE-2023-7065, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
8
High or Critical
1
Patch Coverage
100%
Last Updated
Jan 28, 2026
Priority CVE Quick Links

Fast paths into Stop Spammers Classic CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
8
CVE-2022-4120 Critical 2022.6
CVE-2022-4120 Stop Spammers Classic Vulnerability

Stop Spammers Security <= 2022.5 - Unauthenticated PHP Object Injection

CVE-2023-2488 Medium 2023
CVE-2023-2488 Stop Spammers Classic Cross-Site Scripting

Stop Spammers Security <= 2022.6 - Reflected Cross-Site Scripting

CVE-2021-24245 Medium 2021.9
CVE-2021-24245 Stop Spammers Classic Cross-Site Scripting

Stop Spammers <= 2021.8 - Reflected Cross-Site Scripting

CVE-2025-2935 Medium 2025
CVE-2025-2935 Stop Spammers Classic Cross-Site Request Forgery

Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms <= 2024.7 - Cross-Site Request Forgery to Multiple Administrative Actions

CVE-2023-7065 Medium 2024.5
CVE-2023-7065 Stop Spammers Classic Cross-Site Request Forgery

Stop Spammers Security | Block Spam Users, Comments, Forms <= 2024.4 - Cross-Site Request Forgery (CSRF) via sfs_process

CVE-2021-24517 Medium 2021.18
CVE-2021-24517 Stop Spammers Classic Stored Cross-Site Scripting

Stop Spammers Security <= 2021.17 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE-2023-2489 Medium 2023
CVE-2023-2489 Stop Spammers Classic Stored Cross-Site Scripting

Stop Spammers Security <= 2022.6 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE-2025-14795 Medium 2026.2
CVE-2025-14795 Stop Spammers Classic Cross-Site Request Forgery

Stop Spammers Classic <= 2026.1 - Cross-Site Request Forgery via Email Allowlist

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Stop Spammers Classic so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
8 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
1 critical and 0 high severity findings.
Recent CVEs
CVE-2025-14795, CVE-2025-2935 and CVE-2023-7065
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Stop Spammers Classic

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-14795
CVE-2025-14795: Stop Spammers Classic <= 2026.1 - Cross-Site Request Forgery via Email Allowlist

The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ss_addtoallowlist class. This makes it possible for unauthenticated attackers to add arbitrary e...

Published
Jan 27, 2026
Patched Release
2026.2
Affected Versions
Versions up to 2026.1
Next Step
Update to 2026.2 or newer if supported.
Open CVE-2025-14795 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-2935
CVE-2025-2935: Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms <= 2024.7 - Cross-Site Request Forgery to Multiple Administrative Actions

The Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.7. This is due to missing or incorrect nonce validation in the 'ss_option_maint.php' and 'ss_user_filter_...

Published
Jun 05, 2025
Patched Release
2025
Affected Versions
Versions up to 2024.7
Next Step
Update to 2025 or newer if supported.
Open CVE-2025-2935 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-7065
CVE-2023-7065: Stop Spammers Security | Block Spam Users, Comments, Forms <= 2024.4 - Cross-Site Request Forgery (CSRF) via sfs_process

The Stop Spammers Security | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.4. This is due to missing or incorrect nonce validation on the sfs_process AJAX action. This makes it possibl...

Published
May 03, 2024
Patched Release
2024.5
Affected Versions
Versions up to 2024.4
Next Step
Update to 2024.5 or newer if supported.
Open CVE-2023-7065 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-2489
CVE-2023-2489: Stop Spammers Security <= 2022.6 - Authenticated (Admin+) Stored Cross-Site Scripting

The Stop Spammers Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2022.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administra...

Published
May 15, 2023
Patched Release
2023
Affected Versions
Versions up to 2022.6
Next Step
Update to 2023 or newer if supported.
Open CVE-2023-2489 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-2488
CVE-2023-2488: Stop Spammers Security <= 2022.6 - Reflected Cross-Site Scripting

The Stop Spammers Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 2022.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

Published
May 15, 2023
Patched Release
2023
Affected Versions
Versions up to 2022.6
Next Step
Update to 2023 or newer if supported.
Open CVE-2023-2488 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2022-4120
CVE-2022-4120: Stop Spammers Security <= 2022.5 - Unauthenticated PHP Object Injection

The Stop Spammers Security plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2022.5 via deserialization of untrusted input when issuing a CPATCHA challenge. This allows unauthenticated attackers to inject a PHP Object. No POP chain is pr...

Published
Dec 05, 2022
Patched Release
2022.6
Affected Versions
Versions up to 2022.5
Next Step
Update to 2022.6 or newer if supported.
Open CVE-2022-4120 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2021-24517
CVE-2021-24517: Stop Spammers Security <= 2021.17 - Authenticated (Admin+) Stored Cross-Site Scripting

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2021.18 does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them even when the unfiltered_html capability is disallowed

Published
Aug 09, 2021
Patched Release
2021.18
Affected Versions
Versions before 2021.18
Next Step
Update to 2021.18 or newer if supported.
Open CVE-2021-24517 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2021-24245
CVE-2021-24245: Stop Spammers <= 2021.8 - Reflected Cross-Site Scripting

The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue.

Published
Apr 08, 2021
Patched Release
2021.9
Affected Versions
Versions before 2021.9
Next Step
Update to 2021.9 or newer if supported.
Open CVE-2021-24245 Report Open CVE Reference