A Cross-site scripting vulnerability was found in WordPress plugin spam-byebye with all versions up to version 2.2.1 reported vulnerable.
It is possible to launch this attack remotely and it allows for the injection of arbitrary web scripts or HTML via unspecified vectors. This would alter the appearance and would make it possible to initiate further attacks against site visitors.
The vulnerability is known as CVE-2018-16206 and information regarding this vulnerability was released on 01/13/2019. The advisory is available at jvn.jp. The technical details are as of yet unknown and an exploit has not been reported to be available.
Version 2.2.2 of the Spam-byebye plugin has been released which is not affected. It is recommended that you update as soon as possible