KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

Back to KEVs

6.1

CVSS
Medium

CVE-2022-28221

PUBLISHED

CleanTalk AntiSpam <= 5.173 Reflected XSS

Exploited in the wild Remote Low complexity

Vendor: CleanTalk
Product: CleanTalk AntiSpam
Published: Apr 19, 2022
EPSS: 1.2% · 78% pctl

Description

The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in`/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Comments.php`

wordpress php

CVSS scores

CVSS v3.1 6.1 Medium

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2.0 4.3

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitation status

Exploited in the wild

Recorded 2022-03-30 06:11:19 UTC · Source

SSVC decision points

Exploitation: none
Automatable: No
Technical impact: partial

References

https://www.wordfence.com/blog/2022/03/reflected-xss-in-spam-protection-antispam-firewall-by-cleantalk/

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
Wordfence	Mar 30, 2022

Timeline

CVE ID Reserved

March 30, 2022
Added to KEVIntel

March 30, 2022
CVE Published to Public

April 19, 2022