WordPress Plugin Vulnerabilities

Anti-Spam by CleanTalk < 5.22 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Description

The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
cleantalk-spam-protect
Fixed in 5.22

References

URL
http://cinu.pl/research/wp-plugins/mail_b33a49f2ed4053ac3838395f924d7a20.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
982c7cef-eb17-49c4-9a92-87a5d0aca29b

Timeline

Publicly Published
2015-08-25 (about 10 years ago)
Added
2015-11-24 (about 10 years ago)
Last Updated
2020-11-20 (about 5 years ago)

Other

Published
Title
Published
2026-04-15
Title
Customer Reviews for WooCommerce < 5.102.0 - Reflected Cross-Site Scripting via 'crsearch'
Published
2024-06-28
Title
Login with phone number < 1.7.36 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2024-08-08
Title
Element Pack Elementor Addons < 5.7.7 - Contributor+ Stored XSS via title_tag
Published
2024-08-26
Title
Jeg Elementor Kit < 2.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File
Published
2020-04-03
Title
WP Last Modified Info < 1.6.6 - Authenticated Stored XSS