WP-SpamFree Anti-Spam – Authenticated Reflected Cross-Site Scripting (XSS)

Affects Plugins

wp-spamfree

No known fix

References

URL

https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_wp_spamfree_anti_spam_wordpress_plugin.html

URL

https://seclists.org/fulldisclosure/2017/Feb/79

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

2efd2f26-c72d-4077-90e6-f4b254b9e082

Timeline

Publicly Published

2017-03-01 (about 9 years ago)

Added

2017-03-02 (about 9 years ago)

Last Updated

2019-11-01 (about 6 years ago)

Other

Published

Title

Published

2025-12-05

Title

myLCO <= 0.8.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

Published

2024-05-30

Title

Safety Exit < 1.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting

Published

2025-03-24

Title

GMO Font Agent <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-10-14

Title

wpPricing Builder <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2023-06-15

Title

NextGen GalleryView <= 0.5.5 - Reflected XSS