CVE-2024-7869

The 123.chat - Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that wi...

CVE-2024-7869

CVE-2024-7869: Stored XSS in the WordPress 123.chat - Video Chat plugin (versions up to and including 1.3.1). Root cause: insufficient input sanitization and output escaping. Impact: unauthenticated attackers can inject scripts on pages and trigger them for users. CVSS v3.1 base score 7.2 (HIGH)....

CVE-2024-7869 123.chat - Video Chat <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting

The 123.chat - Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that wi...

WordPress plugin 123.chat - Video Chat 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

WordPress 123.chat Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software 123.chat Type Plugin Vulnerable versions = 1.3.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7869 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b37a33a87966 Credits Shebu B sh3bu Required...

123.chat - Video Chat <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting

Description The 123.chat - Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVE-2023-4298

The 123.chat WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-4298 123.chat < 1.3.1 - Admin+ Stored XSS

The 123.chat WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress plugin 123.chat cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress 123.chat Plugin < 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software 123.chat Type Plugin Vulnerable versions 1.3.1 Fixed in 1.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4298 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c8271bc372c4 Credits Jonatas Souza Villa Flor Required...

123.chat < 1.3.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup In the plugin's "User-ID" setting fiel...