Recently a vague report was released about a cross-site scripting vulnerability being in the plugin spam-byebye, which was reported to have been discovered by qw3rTyTy. The report indicated that the issue might have been fixed in a version of the plugin subsequent to version 2.2.1. In looking at the changes made in the next version, 2.2.2, we found that a reflected cross-site scripting (XSS) vulnerability had been fixed that had been accessible though the plugin’s admin page.

…

[Read more]