Platform: wordpress
Component: oopspam-anti-spam
Fixed in: 1.2.63
CVE-2026-32544 describes a Stored Cross-Site Scripting (XSS) vulnerability within the OOPSpam Anti-Spam plugin for WordPress. This flaw allows attackers to inject malicious scripts that are then executed in the browsers of other users. The vulnerability impacts versions of OOPSpam Anti-Spam prior to 1.2.63, and a patch has been released to address the issue.
An attacker exploiting this XSS vulnerability can inject arbitrary JavaScript code into the OOPSpam Anti-Spam plugin. This code can then be executed in the context of any user visiting a page where the malicious script is injected. The potential impact includes session hijacking, redirection to phishing sites, defacement of the website, and theft of sensitive user data, such as login credentials or personal information. Successful exploitation could compromise the entire WordPress site and its users, particularly if administrative accounts are targeted.
CVE-2026-32544 was publicly disclosed on 2026-03-25. As of this date, no public proof-of-concept (POC) code has been released, but the ease of exploitation for XSS vulnerabilities means it is likely to be targeted. The EPSS score is likely to be medium, given the widespread use of WordPress and the relatively simple nature of XSS exploitation. Monitor security advisories and threat intelligence feeds for any indications of active exploitation.
WordPress websites utilizing the OOPSpam Anti-Spam plugin, particularly those running versions prior to 1.2.63, are at risk. Shared hosting environments where multiple websites share the same server resources are especially vulnerable, as a compromise of one site could potentially lead to lateral movement to others.
• wordpress / composer / npm:
grep -r 'oopspam-anti-spam' /var/www/html/wp-content/plugins/
wp plugin list | grep oopspam-anti-spam

• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/oopspam-anti-spam/ | grep X-Powered-By
(Note: the X-Powered-By header identifies the server stack, not the plugin; this request can at most confirm that the plugin directory responds, and says nothing about the installed version.)

Disclosure
Exploit status
EPSS: 0.04% (11th percentile)
CVSS vector
The primary mitigation for CVE-2026-32544 is to immediately upgrade the OOPSpam Anti-Spam plugin to version 1.2.63 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing a Web Application Firewall (WAF) rule to filter out potentially malicious input. Specifically, look for patterns associated with JavaScript injection attempts. Regularly scan your WordPress installation for vulnerable plugins using a security scanner.
Update to version 1.2.63, or a newer patched version
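The detection commands above only tell you that the plugin is present; the affected range is "below 1.2.63", so what you actually want is the installed version compared against the fixed release. The script below is an added example written for this page, not tooling from the advisory or code from the OOPSpam project. It reads the Version: field from the WordPress plugin header in the PHP files of a plugin directory and compares it numerically against 1.2.63. The install path /var/www/html/wp-content/plugins/oopspam-anti-spam is assumed from the grep command in the detection section, and the sample header checked at the end is constructed for the offline demonstration.

```shell
#!/bin/sh
# Added example: report whether an installed OOPSpam Anti-Spam copy is below the
# fixed release named in the advisory. Not part of the advisory or of the plugin.

FIXED_VERSION="1.2.63"

# version_lt A B: exit 0 when dotted version A is lower than B. Pure POSIX sh, so it
# also works where "sort -V" is unavailable; non-numeric suffixes are ignored.
version_lt() {
    v1=$(printf '%s' "$1" | tr -cd '0-9.')
    v2=$(printf '%s' "$2" | tr -cd '0-9.')
    while [ -n "$v1" ] || [ -n "$v2" ]; do
        a=${v1%%.*}; b=${v2%%.*}
        [ "$a" = "$v1" ] && v1="" || v1=${v1#*.}
        [ "$b" = "$v2" ] && v2="" || v2=${v2#*.}
        a=${a:-0}; b=${b:-0}
        if [ "$a" -lt "$b" ]; then return 0; fi
        if [ "$a" -gt "$b" ]; then return 1; fi
    done
    return 1
}

# plugin_version_from_dir DIR: print the value of the "Version:" header found in the
# PHP files under DIR (WordPress plugin header format); empty when none is present.
plugin_version_from_dir() {
    grep -h -m1 -E '^[[:space:]]*\*?[[:space:]]*Version:' "$1"/*.php 2>/dev/null \
        | head -n1 | sed -E 's/.*Version:[[:space:]]*//; s/[[:space:]]*$//'
}

# check_plugin DIR FIXED: print a verdict; exit 0 = patched, 1 = vulnerable,
# 2 = version could not be determined (treat as "investigate", not as safe).
check_plugin() {
    ver=$(plugin_version_from_dir "$1")
    if [ -z "$ver" ]; then
        echo "unknown: no plugin header found under $1"
        return 2
    fi
    if version_lt "$ver" "$2"; then
        echo "VULNERABLE: installed $ver is below fixed version $2"
        return 1
    fi
    echo "patched: installed $ver is $2 or later"
    return 0
}

# Real run: pass the plugin directory as the first argument, e.g. the assumed
# default /var/www/html/wp-content/plugins/oopspam-anti-spam.
if [ "$#" -gt 0 ]; then
    check_plugin "$1" "$FIXED_VERSION"
    exit $?
fi

# Offline demonstration on a constructed plugin header (not a real install).
demo_dir=$(mktemp -d)
printf '<?php\n/*\nPlugin Name: Sample Plugin (constructed)\nVersion: 1.2.62\n*/\n' \
    > "$demo_dir/sample-plugin.php"
check_plugin "$demo_dir" "$FIXED_VERSION" || true   # prints the VULNERABLE verdict for 1.2.62
rm -rf "$demo_dir"
```

Run it as `sh check-oopspam.sh /var/www/html/wp-content/plugins/oopspam-anti-spam` (or against a staging copy of the site) and key the exit code into a fleet-wide sweep: 1 means the host still needs the update, 2 means the header could not be read and deserves a manual look rather than a "not affected" mark. The `wp plugin list` output used in the detection section gives the same version figure and is the better source where WP-CLI is installed; the header parse is for hosts where it is not.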
CVE-2026-32544 is a Stored Cross-Site Scripting (XSS) vulnerability affecting OOPSpam Anti-Spam versions up to 1.2.62, allowing attackers to inject malicious scripts.
You are affected if you are using OOPSpam Anti-Spam versions prior to 1.2.63. Check your plugin version and upgrade immediately if necessary.
Upgrade OOPSpam Anti-Spam to version 1.2.63 or later. Consider implementing input validation and output encoding as an additional precaution.
No active exploitation has been publicly reported, but the vulnerability's nature suggests a potential for rapid exploitation.
Refer to the OOPSpam Anti-Spam website or WordPress plugin repository for the official advisory and release notes.