WordPress plugin Spambyebye vulnerable

A Cross-site scripting vulnerability was found in WordPress plugin spam-byebye with all versions up to version 2.2.1 reported vulnerable.

It is possible to launch this attack remotely and it allows for the injection of arbitrary web scripts or HTML via unspecified vectors. This would alter the appearance and would make it possible to initiate further attacks against site visitors.

The vulnerability is known as CVE-2018-16206 and information regarding this vulnerability was released on 01/13/2019. The advisory is available at jvn.jp. The technical details are as of yet unknown and an exploit has not been reported to be available.

Version 2.2.2 of the Spam-byebye plugin has been released which is not affected. It is recommended that you update as soon as possible

Link: WordPress.org Spambyebye plugin


Related Posts

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.