Vulnerability Description
The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and inc/cleantalk-comments.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cleantalk | Spam Protection\, Antispam\, Firewall | < 5.127.4 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset/2172333PatchThird Party Advisory
- https://wordpress.org/plugins/cleantalk-spam-protect/#developersProductThird Party Advisory
- https://wpvulndb.com/vulnerabilities/9949Third Party Advisory
- https://plugins.trac.wordpress.org/changeset/2172333PatchThird Party Advisory
- https://wordpress.org/plugins/cleantalk-spam-protect/#developersProductThird Party Advisory
- https://wpvulndb.com/vulnerabilities/9949Third Party Advisory
FAQ
What is CVE-2019-17515?
CVE-2019-17515 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via...
How severe is CVE-2019-17515?
CVE-2019-17515 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-17515?
Check the references section above for vendor advisories and patch information. Affected products include: Cleantalk Spam Protection\, Antispam\, Firewall.