WordPress Chaty Cross-Site Scripting Vulnerability (CNVD-2022-03904)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress (Wordpress) Foundation. A cross-site scripting vulnerability exists in versions prior to WordPress Chaty 2.8.3 and prior to WordPress Chaty Pro 2.8.2. The vulnerability stems from the program not filtering and escaping search parameters before outputting them back to the administration page. An attacker could exploit this vulnerability to cause cross-site scripting execution.