71 matches found
Premium Addons PRO < 2.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Messenger Chat Widget
Description The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premiumfbchatappid' parameter of the Messenger Chat Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible...
Sticky Chat Widget < 1.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Sticky Chat Widget: WhatsApp, Messenger, Click to chat, SMS, Email, Messages, Call Button, Contact form and more Chat buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.8 due to insufficient input...
CVE-2023-51371
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating...
CVE-2023-51361
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button allows Stored XSS.This issue affects Sticky Chat Widget: Click to chat, SMS,...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button allows Stored XSS.This issue affects Sticky Chat Widget: Click to chat, SMS,...
CVE-2023-51361
Technical details (affected product/component, root cause, exploitability and fix) are not publicly provided in the supplied materials. Monitor for updates from official advisories and vendor notices.
CVE-2023-51371 WordPress Bit Assist Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating...
CVE-2023-51371
The CVE-2023-51371 entry concerns the WordPress Bit Assist Plugin (
PT-2023-31794 · Unknown · Bit Assist Chat Widget
Name of the Vulnerable Software and Affected Versions: Bit Assist Chat Widget versions n/a through 1.1.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows Stored XSS in the Chat Widget, which includes...
WordPress Plugin Sticky Chat Widget Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Plugin Chat WidgetCustomer Support Button with floating Chat Widget Cross-site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Chat WidgetCustomer Suppor...
PT-2023-31791 · Unknown · Sticky Chat Widget
Name of the Vulnerable Software and Affected Versions: Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button versions 1.1.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as...
WordPress Sticky Chat Widget Plugin <= 1.1.8 is vulnerable to Cross Site Scripting (XSS)
Software Sticky Chat Widget Type Plugin Vulnerable versions = 1.1.8 Fixed in 1.1.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51361 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0466bd6e4c4f Credits emad Required privilege Administrat...
WordPress Plugin Chaty Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Floating Chat Widget:...
WordPress plugin Floating Chat Widget 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Floating Chat Widget:...
CVE-2023-3245
The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-3245 Floating Chat Widget < 3.1.2 - Admin+ Stored Cross-Site Scripting
The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-3245 Floating Chat Widget < 3.1.2 - Admin+ Stored Cross-Site Scripting
The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Plugin Floating Chat Widget 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...