Lucene search
WPScanCVELIST:CVE-2022-0642HistoryMay 30, 2022 - 8:35 a.m.
CVE-2022-0642 JivoChat < 1.3.5.4 - Stored Cross-Site Scripting via CSRF
2022-05-3008:35:35
CWE-352
WPScan
www.cve.org
0.001 Low
EPSS
Percentile
21.3%
The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugins admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged in administrator to inject arbitrary javascript.
CNA Affected
[
{
"product": "JivoChat Live Chat – WP live chat plugin for WordPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.3.5.4",
"status": "affected",
"version": "1.3.5.4",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2022-0642
2022-05-30 09:15:08
wpexploit
wpexploit
JivoChat < 1.3.5.4 - Stored Cross-Site Scripting via CSRF
2022-05-09 00:00:00
wpvulndb
wpvulndb
JivoChat < 1.3.5.4 - Stored Cross-Site Scripting via CSRF
2022-05-09 00:00:00
prion
prion
Cross site scripting
2022-05-30 09:15:00
patchstack
patchstack
nvd
nvd
CVE-2022-0642
2022-05-30 09:15:08