Spam protection, AntiSpam, FireWall by CleanTalk < 5.174.1 – Reflected Cross-Site Scripting | CVE 2022-28221

Affects Plugins

cleantalk-spam-protect

Fixed in 5.174.1

References

CVE

CVE-2022-28221

CVE

CVE-2022-28222

URL

https://www.wordfence.com/blog/2022/03/reflected-xss-in-spam-protection-antispam-firewall-by-cleantalk/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Original Researcher

Ramuel Gall

Verified

Yes

WPVDB ID

4f68d896-1cb7-430c-b187-918c9f92005d

Timeline

Publicly Published

2022-03-30 (about 4 years ago)

Added

2022-03-30 (about 4 years ago)

Last Updated

2022-04-13 (about 4 years ago)

Other

Published

Title

Published

2014-11-27

Title

Sexy Squeeze Pages - Cross Site Scripting (XSS)

Published

2026-01-20

Title

MemberPress Discord Addon < 1.1.5 - Reflected Cross-Site Scripting

Published

2025-02-13

Title

Qubely – Advanced Gutenberg Blocks < 1.8.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' and 'UniqueID'

Published

2015-06-24

Title

Nextend Facebook Connect < 1.5.6 - Reflected Cross-Site Scripting (XSS)

Published

2021-04-19

Title

Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS)