CVE-2026-30048

A stored cross-site scripting XSS vulnerability exists in the NotChatbot WebChat widget thru 1.4.4. User-supplied input is not properly sanitized before being stored and rendered in the chat conversation history. This allows an attacker to inject arbitrary JavaScript code which is executed when t...

WordPress Premium Addons PRO plugin <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Messenger Chat Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Messenger Chat Widget vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons PRO versions = 2.9.12...

CVE-2019-20212

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form...

CVE-2024-2972

The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attac...

EUVD-2019-10766

Malware in sbrugna...

EUVD-2023-43921

Malicious code in bioql PyPI...

EUVD-2022-43198

Malicious code in bioql PyPI...

EUVD-2023-56082

Malicious code in bioql PyPI...

EUVD-2023-56092

Malicious code in bioql PyPI...

5ire 跨站脚本漏洞

5ire is a cross-platform desktop AI assistant from the individual developer Ironben. A cross-site scripting vulnerability exists in 5ire version 0.13.2, which stems from content injection in the chat page script widget...

CVE-2024-1997

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premiumfbchatappid' parameter of the Messenger Chat Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2023-51361

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button allows Stored XSS.This issue affects Sticky Chat Widget: Click to chat, SMS,...

CVE-2023-3245

The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-51371

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating...

CVE-2025-31092 WordPress Click to Chat – WP Support All-in-One Floating Widget plugin <= 2.3.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ninja Team Click to Chat – WP Support All-in-One Floating Widget allows Stored XSS. This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through 2.3.4...

CVE-2025-31092 WordPress Click to Chat – WP Support All-in-One Floating Widget plugin <= 2.3.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ninja Team Click to Chat – WP Support All-in-One Floating Widget support-chat allows Stored XSS.This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through = 2.3.4...

CVE-2025-1450

The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp – Chaty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-hover’ parameter in all versions up to, and including, 3.3.5 due to insufficient input...

WordPress plugin Floating Chat Widget 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-4149 Floating Chat Widget < 3.2.3 - Admin+ Stored XSS

The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attac...

PT-2024-29421 · WordPress · The Floating Chat Widget

Name of the Vulnerable Software and Affected Versions: The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin versions prior to 3.2.3 Description: The issue allows high privilege users, such as admins, to perform...