{"id":"CVE-2022-28221","details":"The CleanTalk AntiSpam plugin \u003c= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in`/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Comments.php`","modified":"2026-04-10T04:48:58.298052Z","published":"2022-04-19T21:15:18.927Z","references":[{"type":"ADVISORY","url":"https://www.wordfence.com/blog/2022/03/reflected-xss-in-spam-protection-antispam-firewall-by-cleantalk/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cleantalk/wordpress-antispam","events":[{"introduced":"0"},{"last_affected":"e0abc895d5e39630c04677fd3ccb2253f3f6837f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.173"}]}}],"versions":["1.563","5.136","5.136.2","5.136.3","5.157.21","5.159.5","5.159.6","5.159.7-dev","5.161","5.164","5.164.1","5.165","5.165.1","5.166","5.167","5.168","5.168.1","5.169","5.169.1","5.170","5.171","5.172","5.173","Special","dev-version"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-28221.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}