Lucene search
+L

71 matches found

WPVulnDB
WPVulnDB
added 2024/03/07 12:0 a.m.19 views

Premium Addons PRO < 2.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Messenger Chat Widget

Description The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premiumfbchatappid' parameter of the Messenger Chat Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS5.8AI score0.00413EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.14 views

Sticky Chat Widget < 1.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Sticky Chat Widget: WhatsApp, Messenger, Click to chat, SMS, Email, Messages, Call Button, Contact form and more Chat buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.8 due to insufficient input...

5.9CVSS5.9AI score0.00335EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/12/29 11:15 a.m.5 views

CVE-2023-51371

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating...

4.8CVSS5.8AI score0.00328EPSS
Exploits0References1
OSV
OSV
added 2023/12/29 11:15 a.m.5 views

CVE-2023-51361

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button allows Stored XSS.This issue affects Sticky Chat Widget: Click to chat, SMS,...

4.8CVSS7.3AI score0.00335EPSS
Exploits0References1
Prion
Prion
added 2023/12/29 11:15 a.m.20 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating...

4.3CVSS7AI score0.00328EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/12/29 11:15 a.m.23 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button allows Stored XSS.This issue affects Sticky Chat Widget: Click to chat, SMS,...

4.3CVSS6.9AI score0.00335EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/12/29 11:1 a.m.51 views

CVE-2023-51361

Technical details (affected product/component, root cause, exploitability and fix) are not publicly provided in the supplied materials. Monitor for updates from official advisories and vendor notices.

5.9CVSS6.5AI score0.00335EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/29 10:58 a.m.30 views

CVE-2023-51371 WordPress Bit Assist Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating...

5.9CVSS5.9AI score0.00328EPSS
Exploits0References1
CVE
CVE
added 2023/12/29 10:58 a.m.59 views

CVE-2023-51371

The CVE-2023-51371 entry concerns the WordPress Bit Assist Plugin (

5.9CVSS5.1AI score0.00328EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/29 12:0 a.m.13 views

PT-2023-31794 · Unknown · Bit Assist Chat Widget

Name of the Vulnerable Software and Affected Versions: Bit Assist Chat Widget versions n/a through 1.1.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows Stored XSS in the Chat Widget, which includes...

5.9CVSS4.8AI score0.00328EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/12/29 12:0 a.m.7 views

WordPress Plugin Sticky Chat Widget Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.9CVSS5.9AI score0.00335EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/29 12:0 a.m.8 views

WordPress Plugin Chat WidgetCustomer Support Button with floating Chat Widget Cross-site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Chat WidgetCustomer Suppor...

5.9CVSS5.9AI score0.00328EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/12/29 12:0 a.m.7 views

PT-2023-31791 · Unknown · Sticky Chat Widget

Name of the Vulnerable Software and Affected Versions: Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button versions 1.1.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as...

5.9CVSS5.8AI score0.00335EPSS
Exploits0References7
Patchstack
Patchstack
added 2023/12/26 12:0 a.m.15 views

WordPress Sticky Chat Widget Plugin <= 1.1.8 is vulnerable to Cross Site Scripting (XSS)

Software Sticky Chat Widget Type Plugin Vulnerable versions = 1.1.8 Fixed in 1.1.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51361 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0466bd6e4c4f Credits emad Required privilege Administrat...

5.9CVSS6.6AI score0.00335EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/11/22 12:0 a.m.6 views

WordPress Plugin Chaty Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Floating Chat Widget:...

5.9CVSS6.3AI score0.00398EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/30 12:0 a.m.9 views

WordPress plugin Floating Chat Widget 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Floating Chat Widget:...

7.1CVSS7AI score0.00401EPSS
Exploits0References2
OSV
OSV
added 2023/07/17 2:15 p.m.4 views

CVE-2023-3245

The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00451EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/07/17 1:29 p.m.28 views

CVE-2023-3245 Floating Chat Widget < 3.1.2 - Admin+ Stored Cross-Site Scripting

The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.9AI score0.00451EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/07/17 1:29 p.m.10 views

CVE-2023-3245 Floating Chat Widget < 3.1.2 - Admin+ Stored Cross-Site Scripting

The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7AI score0.00451EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/07/17 12:0 a.m.6 views

WordPress Plugin Floating Chat Widget 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

4.8CVSS6.3AI score0.00451EPSS
Exploits2References2
Rows per page
Query Builder