Published: 2019/01/10  Last Updated: 2019/01/10

Information from Yohsuke Ohkouchi

Vulnerability ID:JVN#58010349
Title:WordPress plugin "spam-byebye" vulnerable to cross-site scripting

This is a statement from the vendor itself with no modification by JPCERT/CC.


Cross site scripting vulnerability exists in the place to display the setting completion status of this plug-in setting screen.


Arbitrary code may be executed on this plugin setting screen.
However, since it assumes that you are logged in to the wordpress administration screen, it will not be attacked from the outside.

【How to respond】

Please update from wordpress management screen or download the latest version from the official plugin site.