CVE-2022-28222

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-28222

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-28222.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-28222

Published

2022-04-19T21:15:18.983Z

Modified

2025-11-14T13:08:18.433959Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php

References

https://www.wordfence.com/blog/2022/03/reflected-xss-in-spam-protection-antispam-firewall-by-cleantalk/

Affected packages

Git / github.com/cleantalk/wordpress-antispam

Affected ranges

Type: GIT
Repo: https://github.com/cleantalk/wordpress-antispam
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

e0abc895d5e39630c04677fd3ccb2253f3f6837f

Affected versions

1.*

1.563

5.*

5.124.1

5.136

5.136.1

5.136.2

5.136.3

5.136.4

5.137

5.137.1

5.138

5.139

5.141.2

5.141.3

5.143.1

5.144

5.145

5.145.1

5.145.2

5.146

5.146.1

5.147

5.147.1

5.148

5.149

5.150

5.150.1

5.151

5.151.1

5.151.2

5.151.3

5.151.4

5.152

5.152.1

5.152.3

5.152.4

5.152.5

5.153

5.153.2

5.153.3

5.153.4

5.154

5.155

5.155.1

5.157.21

5.157.22-fix

5.157.220

5.157.230

5.158

5.158.2-fix

5.159

5.159.1

5.159.2

5.159.5

5.159.6

5.159.6-dev

5.159.7

5.159.7-dev

5.159.8

5.159.9

5.160

5.160.1

5.160.2

5.160.3

5.161

5.161.1

5.162

5.163.1

5.164

5.164.1

5.165

5.165.1

5.166

5.167

5.168

5.168.1

5.169

5.169.1

5.170

5.171

5.171.2

5.171.99

5.172

5.173

Other

5125

Special

custom_ajax_handler

dev-version

fix-version