Critical Vulnerabilities in WordPress Anti-Spam Plugin Expose 200,000 Sites
by Justin Erickson
Two critical vulnerabilities have been discovered in a popular WordPress anti-spam plugin used by over 200,000 websites. They allow unauthenticated attackers to bypass authorization and install additional plugins, which leads to arbitrary code execution. The vulnerabilities pose significant risks, including data theft, site defacement, and more. The plugin’s developers have issued patches to address the flaws, and WordPress administrators are urged to update to the latest version immediately and to keep up regular updates and plugin audits to minimize the risks associated with third-party extensions.
