CVE-2022-28222: 
WordPress vulnerability analysis and mitigation

The CleanTalk AntiSpam plugin version 5.173 and earlier for WordPress contains a Reflected Cross-Site Scripting (XSS) vulnerability. The vulnerability exists in the /lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php file and can be exploited through the $_REQUEST['page'] parameter (CVE MITRE).

The vulnerability has been assigned CVE-2022-28222 with a CVSS Score of 6.1 (Medium). The issue is a classic Reflected Cross-Site Scripting (XSS) vulnerability that exists in the CleanTalk AntiSpam WordPress plugin's user list functionality (Wordfence Blog).

If successfully exploited, this XSS vulnerability could allow attackers to execute arbitrary JavaScript code in the context of the victim's browser session. This could potentially lead to theft of sensitive information, session hijacking, or other malicious actions performed in the context of the authenticated user's session.

Users are advised to update their CleanTalk AntiSpam plugin to a version newer than 5.173 to address this vulnerability. If immediate updating is not possible, website administrators should consider implementing additional security controls or temporarily disabling the affected plugin until it can be updated.