CVE-2022-3415 Chat Bubble < 2.3 - Unauthenticated Stored Cross-Site Scripting

2022-11-1400:00:00

CWE-79

WPScan

www.cve.org

chat bubble

wordpress

unauthenticated

cross-site scripting

vulnerable

EPSS

0.001

Percentile

45.7%

JSON

The Chat Bubble WordPress plugin before 2.3 does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin view the related contact message

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back",
    "versions": [
      {
        "version": "2.3",
        "status": "affected",
        "lessThan": "2.3",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/012c5b64-ef76-4539-afd8-40f6c329ae88

EPSS

0.001

Percentile

45.7%

JSON

Related for CVELIST:CVE-2022-3415