What is CVE-2026-1490?

A critical vulnerability in the CleanTalk Anti-Spam plugin for WordPress allows unauthorized arbitrary plugin installation. This could lead to remote code execution if exploited. Immediate action is necessary to protect your systems.

What is the severity of CVE-2026-1490?

CVE-2026-1490 has a severity rating of CRITICAL with a CVSS base score of 9.8.

CVE-2026-1490 | Critical Vulnerability in CleanTalk Plugin for WordPress

The CleanTalk plugin for WordPress, which provides spam protection and firewall capabilities, has been identified with a critical vulnerability. This vulnerability allows unauthorized arbitrary plugin installation due to an authorization bypass via reverse DNS (PTR record) spoofing in the 'checkWithoutToken' function. All versions up to and including 6.71 are affected.

The severity of this vulnerability is rated as critical, with a CVSS score of 9.8. This high score indicates a significant risk to users of the CleanTalk plugin, as unauthenticated attackers can exploit this vulnerability to install and activate arbitrary plugins. If another vulnerable plugin is present, this could lead to remote code execution.

Risk to organizations includes potential unauthorized access to sensitive data, control over the affected WordPress site, and the ability to deploy malicious code. Organizations that utilize the CleanTalk plugin must take immediate action to address this vulnerability.

Currently, there is no known public exploit available, and this vulnerability is not included in the Known Exploited Vulnerability (KEV) catalog. However, the risk remains high, particularly for sites that have an invalid API key, which makes the exploitation possible.

Organizations should prioritize patching immediately to mitigate this risk and secure their WordPress installations.

Vulnerability Details

The vulnerability allows unauthorized arbitrary plugin installation through an authorization bypass in the CleanTalk plugin for WordPress. It is classified under CWE-350 and has a CVSS 3.1 base score of 9.8, indicating critical severity. The vulnerability was published on February 15, 2026, and is still awaiting analysis.

Technical Analysis

The root cause of this vulnerability lies in the 'checkWithoutToken' function, which fails to properly authenticate requests, allowing attackers to impersonate legitimate requests. The attack vector is network-based, and the complexity of the attack is low, requiring no privileges or user interaction. If successful, the attack can have high impacts on confidentiality, integrity, and availability.

Risk & Impact Analysis

This vulnerability poses a significant risk to organizations using the CleanTalk plugin. The potential for unauthorized access and remote code execution could lead to severe consequences, including data breaches and operational disruptions. Organizations should assess the deployment of this plugin and consider the blast radius if exploited. Given the high CVSS score, this vulnerability demands immediate attention.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

All versions of the CleanTalk plugin for WordPress prior to and including version 6.71 are affected by this vulnerability. Organizations using this plugin should ensure they upgrade to the latest version to mitigate the risk.

Mitigation & Remediation

Organizations must prioritize immediate patching of the CleanTalk plugin to remediate this vulnerability. If a patch is not available, consider disabling the plugin until a secure version is released. Additionally, review and harden configurations to minimize exposure and monitor logs for any unauthorized plugin installations.

For comprehensive security assessments and ongoing validation, organizations can leverage penetration testing services.

Detection Guidance

Organizations should monitor for signs of unauthorized plugin installations, unusual API key usage, and any unusual behavior in the CleanTalk logs. Regular audits of installed plugins can help identify any malicious additions.

AppSecure Threat Intelligence Insight

The discovery of this critical vulnerability highlights the ongoing need for robust security practices in third-party plugins. Organizations should remain vigilant and proactive in their security posture. For guidance on managing vulnerabilities and strengthening defenses, refer to the vulnerability management program and consider regular penetration testing methodology to identify potential weaknesses in your infrastructure.

Additionally, engaging in continuous security testing can provide real-time insights and help defend against emerging threats.

Organizations are encouraged to stay informed about vulnerabilities and threats affecting their software to maintain a robust defense.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-1490: Critical Vulnerability in CleanTalk Plugin for WordPress