Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2023 Greenbone AGOPENVAS:1361412562310124420
HistoryAug 31, 2023 - 12:00 a.m.

WordPress Chaty Plugin < 3.1 XSS Vulnerability

2023-08-3100:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
3
wordpress
chaty
xss
vulnerability
cross-site scripting
version 3.1

7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.0%

JSON

The WordPress plugin

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:premio:chaty";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.124420");
  script_version("2023-10-13T16:09:03+0000");
  script_tag(name:"last_modification", value:"2023-10-13 16:09:03 +0000 (Fri, 13 Oct 2023)");
  script_tag(name:"creation_date", value:"2023-08-31 08:26:45 +0000 (Thu, 31 Aug 2023)");
  script_tag(name:"cvss_base", value:"6.4");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-08-31 18:43:00 +0000 (Thu, 31 Aug 2023)");

  script_cve_id("CVE-2023-25019");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("WordPress Chaty Plugin < 3.1 XSS Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_wordpress_plugin_http_detect.nasl");
  script_mandatory_keys("wordpress/plugin/chaty/detected");

  script_tag(name:"summary", value:"The WordPress plugin 'Chaty' is prone to a cross-site scripting
  (XSS) vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"A malicious actor could be allowed to inject malicious scripts,
  such as redirects, advertisements, and other HTML payloads into your website which will be
  executed when guests visit your site.");

  script_tag(name:"affected", value:"WordPress Chaty plugin prior to version 3.1.");

  script_tag(name:"solution", value:"Update to version 3.1 or later.");

  script_xref(name:"URL", value:"https://patchstack.com/database/vulnerability/chaty/wordpress-chaty-plugin-3-0-9-cross-site-scripting-xss-vulnerability");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (!port = get_app_port(cpe: CPE))
  exit(0);

if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
location = infos["location"];

if (version_is_less(version: version, test_version: "3.1")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "3.1", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

exit(99);

Related

cvelist 1
prion 1
cve 1
wordfence 1
cvelist
cvelist
CVE-2023-25019 WordPress Chaty Plugin <= 3.0.9 is vulnerable to Cross Site Scripting (XSS)
2023-08-30 11:51:48
prion
prion
Cross site scripting
2023-08-30 12:15:00
cve
cve
CVE-2023-25019
2023-08-30 12:15:08
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 15, 2023 to May 21, 2023)
2023-05-25 13:11:33

7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.0%

JSON
Related for OPENVAS:1361412562310124420
cvelist1prion1cve1wordfence1