Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2022-08367
HistoryJan 21, 2022 - 12:00 a.m.

WordPress Crisp Live Chat plugin cross-site scripting vulnerability

2022-01-2100:00:00
China National Vulnerability Database
www.cnvd.org.cn
18
wordpress
crisp live chat
cross-site scripting
php
mysql
nonce validation
javascript
stored xss
vulnerability

EPSS

0.001

Percentile

41.8%

JSON

WordPress is the Wordpress Foundation’s suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Crisp Live Chat plugin, which stems from a lack of nonce validation via the Krisp_plugin_settings_page function in the ~/crisp.php file, which could be exploited by an attacker to exploit this vulnerability to inject JavaScript and execute a stored XSS attack.

Related

cvelist 1
prion 1
patchstack 1
nvd 1
wpvulndb 1
cve 1
cvelist
cvelist
CVE-2021-43353 Crisp Live Chat <= 0.31 Cross-Site Request Forgery to Stored Cross-Site Scripting
2022-01-18 16:52:24
prion
prion
Cross site request forgery (csrf)
2022-01-18 17:15:00
patchstack
patchstack
WordPress Crisp Live Chat plugin <= 0.31 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
2021-12-16 00:00:00
nvd
nvd
CVE-2021-43353
2022-01-18 17:15:09
wpvulndb
wpvulndb
Crisp Live Chat < 0.32 - CSRF to Stored Cross-Site Scripting
2021-12-16 00:00:00
cve
cve
CVE-2021-43353
2022-01-18 17:15:09

EPSS

0.001

Percentile

41.8%

JSON
Related for CNVD-2022-08367
cvelist1prion1patchstack1nvd1wpvulndb1cve1