spam-byebye <= 2.2.1 – Cross-Site Scripting (XSS) | CVE 2018-16206

Affects Plugins

spam-byebye

Fixed in 2.2.2

References

CVE

CVE-2018-16206

URL

https://jvn.jp/en/jp/JVN58010349/index.html

URL

https://plugins.trac.wordpress.org/changeset/2002790/spam-byebye

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Submitter

Ryan Dewhurst

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

56306fc7-a430-47bc-80cf-2fd537d0e8bc

Timeline

Publicly Published

2019-01-10 (about 7 years ago)

Added

2019-01-13 (about 7 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2023-09-01

Title

WP Default Feature Image <= 1.0.1.1 - Admin+ Stored XSS

Published

2021-05-16

Title

Mediumish <= 1.0.47 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Published

2025-07-04

Title

WP fancybox <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-08-07

Title

Selection Lite < 1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2017-02-20

Title

rockhoist-badges 1.2.2 - Authenticated Stored Cross-Site Scripting (XSS)