CVE-2026-1490 | CleanTalk Spam protection, Anti-Spam, FireWall Plugin up to 6.71 on WordPress Plugin Installation checkWithoutToken authorization

A vulnerability identified as problematic has been detected in CleanTalk Spam protection, Anti-Spam, FireWall Plugin up to 6.71 on WordPress. Affected is the function checkWithoutToken of the component Plugin Installation Handler. The manipulation leads to authorization bypass.

This vulnerability is listed as CVE-2026-1490. The attack may be initiated remotely. There is no available exploit.