BeyondMachines for BeyondMachines

Originally published at beyondmachines.net

Critical CleanTalk Plugin Vulnerability Allows WordPress Site Takeover via DNS Spoofing

Summary

A critical vulnerability in the CleanTalk WordPress plugin (CVE-2026-1490) allows unauthenticated attackers to bypass authorization via Reverse DNS spoofing and install arbitrary plugins, leading to full site takeover.

Take Action:

If you are using "Spam protection, Anti-Spam, FireWall by CleanTalk", update ASAP. Never rely on DNS records for authentication because they are easily spoofed by attackers.
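
The advice above as an added example (not code from the CleanTalk plugin or from the original article): a PTR-only trust check, a forward-confirmed variant, and an HMAC check that does not depend on DNS at all. The vendor domain, addresses, key and message layout are constructed, and lookup tables stand in for DNS so the script runs offline.

```php
<?php
// Added example, not CleanTalk code. Requires PHP 8.0+ (str_ends_with).
// The domain, addresses, key and message layout below are constructed.
const TRUSTED_SUFFIX = '.vendor.example'; // hypothetical vendor domain

// Weak: a PTR record is published by whoever runs the reverse zone for the
// client's address, so the caller decides what name this lookup returns.
function trusted_by_ptr(string $ip, callable $ptr): bool {
    $host = $ptr($ip);
    return is_string($host) && str_ends_with(strtolower($host), TRUSTED_SUFFIX);
}

// Narrower: forward-confirmed reverse DNS. The claimed name must resolve back
// to the same address. Still only as trustworthy as the DNS answers received.
function forward_confirmed(string $ip, callable $ptr, callable $fwd): bool {
    if (!trusted_by_ptr($ip, $ptr)) {
        return false;
    }
    $addrs = $fwd($ptr($ip));
    return is_array($addrs) && in_array($ip, $addrs, true);
}

// Authentication proper: a keyed MAC over timestamp and body, compared in
// constant time, with a freshness window to limit replay.
function authentic(string $body, int $ts, string $sig, string $key, int $now, int $skew = 300): bool {
    if (abs($now - $ts) > $skew) {
        return false;
    }
    return hash_equals(hash_hmac('sha256', $ts . "\n" . $body, $key), $sig);
}

// Constructed lookup tables stand in for DNS so the script runs offline.
// In a live check pass 'gethostbyaddr' and 'gethostbynamel' instead.
$ptrTable = ['198.51.100.10' => 'api.vendor.example',  // genuine vendor host
             '203.0.113.7'   => 'api.vendor.example']; // PTR set by the address owner
$fwdTable = ['api.vendor.example' => ['198.51.100.10']];
$ptr = fn(string $ip) => $ptrTable[$ip] ?? false;
$fwd = fn(string $host) => $fwdTable[$host] ?? false;

$key  = 'constructed-demo-key';
$now  = 1700000000;
$body = '{"action":"sync"}';
$sig  = hash_hmac('sha256', $now . "\n" . $body, $key);

foreach (['198.51.100.10', '203.0.113.7'] as $ip) {
    printf("%-14s ptr=%d fcrdns=%d\n", $ip, trusted_by_ptr($ip, $ptr), forward_confirmed($ip, $ptr, $fwd));
}
printf("hmac valid=%d forged=%d\n", authentic($body, $now, $sig, $key, $now),
       authentic($body, $now, str_repeat('0', 64), $key, $now));
```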

