Critical CleanTalk Plugin Vulnerability Enables Authorization Bypass on WordPress

Critical CleanTalk Plugin Vulnerability Enables Authorization Bypass on WordPress

First seen 16 Feb 2026, 16:10 UTC GbhackersCyberpressSearchenginejournalThecyberexpress 76% similarity 44.6

Article Content

Browse articles
ThreatCluster

A critical vulnerability tracked as CVE-2026-1490 has been identified in the CleanTalk plugin for WordPress, allowing for authorization bypass via reverse DNS. This flaw affects thousands of WordPress installations that utilize the plugin for spam filtering and has been assigned a CVSS score of 9.8, indicating its severity.

ThreatCluster AI

Timeline

2026-02-15
CVE-2026-1490 published
2026-02-16
Cyberpress and Gbhackers report on the vulnerability

Community

Browse all →