CVE-2026-1490 - Vulnerability Analysis

Undercode News

@undercodenews

Feb 17, 2026

Critical Vulnerability in CleanTalk WordPress Plugin Puts 200,000 Sites at Risk A recently discovered critical vulnerability (CVE-2026-1490, CVSS 9.8) in the CleanTalk WordPress plugin, affecting versions up to 6.71, has raised alarms for the cybersecurity community. This flaw exposes over 200,000 websites to severe threats, allowing unauthenticated attackers to exploit the vulnerability. The attackers could potentially install malicious plugins and execute remote code… https://undercodenews.com/critical-vulnerability-in-cleantalk-wordpress-plugin-puts-200000-sites-at-risk/

BeyondMachines :verified:

@beyondmachines1

Feb 17, 2026

Critical CleanTalk Plugin Vulnerability Allows WordPress Site Takeover via DNS Spoofing A critical vulnerability in the CleanTalk WordPress plugin (CVE-2026-1490) allows unauthenticated attackers to bypass authorization via Reverse DNS spoofing and install arbitrary plugins, leading to full site takeover. **If you are using ""Spam protection, Anti-Spam, FireWall by CleanTalk", update ASAP. Never rely on DNS records for authentication because they are easily spoofed by attackers.** #cybersecurity #infosec #advisory #vulnerability https://beyondmachines.net/event_details/critical-cleantalk-plugin-vulnerability-allows-wordpress-site-takeover-via-dns-spoofing-v-h-r-b-n/gD2P6Ple2L

TheHackerWire

@thehackerwire

Feb 16, 2026

🔴 CVE-2026-1490 - Critical (9.8) The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS (PTR record) spoofing on the 'checkWithoutToken' function in all ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1490/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack