The plugin does not sanitise and escape the page parameter before outputting it back in attributes in the /wp-admin/edit-comments.php?page=ct_check_spam and Users list dashboard, leading to Reflected Cross-Site Scripting issues.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | cleantalk-spam-protect | lt | 5.174.1 |
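
The pattern described above, next to a hardened form, as an added example that is not the plugin's own code: the function names, the hidden-field markup, the one-entry allowlist and the sample input are assumptions made for illustration. It runs as plain PHP with the DOM extension; `htmlspecialchars()` stands in for WordPress's `esc_attr()` so that no WordPress install is needed.

```php
<?php
// Added illustration, not the plugin's code. Function names, markup and the
// sample input are hypothetical.

// Vulnerable pattern: the request value is concatenated into an attribute
// with no sanitising and no escaping.
function render_hidden_field_unsafe(array $query): string
{
    $page = $query['page'] ?? '';
    return '<input type="hidden" name="page" value="' . $page . '" />';
}

// Hardened pattern: sanitise on input (allowlist of known page slugs, assumed
// here to hold only the slug named in the advisory), then escape for the
// attribute context on output.
function render_hidden_field_safe(array $query, array $allowed = ['ct_check_spam']): string
{
    $page = is_string($query['page'] ?? null) ? $query['page'] : '';
    if (!in_array($page, $allowed, true)) {
        $page = $allowed[0]; // fall back to a known-good slug
    }
    // In WordPress, esc_attr() is the escaping function for this context.
    $escaped = htmlspecialchars($page, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="page" value="' . $escaped . '" />';
}

// Counts the attributes on the first <input> element, which shows whether
// request data stayed inside value="..." or became markup of its own.
function count_input_attributes(string $html): int
{
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    return $doc->getElementsByTagName('input')->item(0)->attributes->length;
}

// Constructed, inert input: the double quote closes value="..." and the rest
// is parsed as an extra, harmless attribute.
$query = ['page' => 'ct_check_spam" data-injected="1'];

printf("unsafe: %d attributes\n", count_input_attributes(render_hidden_field_unsafe($query)));
printf("safe:   %d attributes\n", count_input_attributes(render_hidden_field_safe($query)));
```

An attribute count above three (`type`, `name`, `value`) means the parameter escaped its attribute; the same comparison can be used as a regression check on the rendered admin page.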