CVE-2024-53994

Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable...

CVE-2024-53994 Potential bypass of chat permissions in Discourse

Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable...

CVE-2024-53994 Potential bypass of chat permissions in Discourse

Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable...

PT-2025-3011 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest version Description: The issue affects users who disable chat in preferences but could still be reachable in some cases. The estimated number of potentially affected devices worldwide is not available...

CVE-2024-12451

The HTML5 chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HTML5CHAT' shortcode in all versions up to, and including, 1.04 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-12451

The HTML5 chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HTML5CHAT' shortcode in all versions up to, and including, 1.07 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-12451

CVE-2024-12451 documents a Stored Cross-Site Scripting (XSS) flaw in the HTML5 chat WordPress plugin (versions up to and including 1.04) via the HTML5CHAT shortcode due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or higher can inje...

CVE-2024-12451 HTML5 chat <= 1.07 - Authenticated (Contributor+) Stored Cross-Site Scripting

The HTML5 chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HTML5CHAT' shortcode in all versions up to, and including, 1.07 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-13646 Single-user-chat <= 0.5 - Authenticated (Subscriber+) Limited Options Update

The Single-user-chat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the 'singleuserchatupdatelogin' function in all versions up to, and including, 0.5. This makes it possible for authenticated attacker...

CVE-2024-13646

The CVE concerns the WordPress plugin Single-user-chat (versions

CVE-2024-13646 Single-user-chat <= 0.5 - Authenticated (Subscriber+) Limited Options Update

The Single-user-chat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the 'singleuserchatupdatelogin' function in all versions up to, and including, 0.5. This makes it possible for authenticated attacker...

PT-2025-1853 · WordPress · Html5 Chat Plugin

Name of the Vulnerable Software and Affected Versions: HTML5 Chat Plugin for WordPress versions 1.04 and earlier Description: The issue concerns a Stored Cross-Site Scripting vulnerability in the HTML5 chat plugin for WordPress. This vulnerability is due to insufficient input sanitization and...

WordPress plugin Monitor.Chat 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

WordPress WPS Telegram Chat plugin <= 4.5.4 - Missing Authorization to Information Exposure vulnerability

Missing Authorization to Information Exposure vulnerability discovered by István Márton in WordPress Plugin WPS Telegram Chat versions = 4.5.4...

CVE-2020-36838

The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wpajaxupdateoptions function in versions up to, and including, 1.5. This flaw makes it possible for low-level authenticated attackers to connect their own Facebook Messenger accou...

CVE-2020-36838

The CVE-2020-36838 entry concerns the Facebook Chat Plugin for WordPress (versions up to and including 1.5). The root cause is an authorization bypass caused by a missing capability check in the wp_ajax_update_options function, enabling low‑level authenticated attackers to connect their own Faceb...

CVE-2020-36838 Facebook Chat Plugin <= 1.5 - Missing Capabilities Check

The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wpajaxupdateoptions function in versions up to, and including, 1.5. This flaw makes it possible for low-level authenticated attackers to connect their own Facebook Messenger accou...

PT-2024-10848 · Facebook · Facebook Chat Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: Facebook Chat Plugin for WordPress versions up to and including 1.5 Description: The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp ajax update options function. This flaw...

WordPress RumbleTalk Live Group Chat plugin <= 6.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter, theviper17y in WordPress Plugin RumbleTalk Live Group Chat versions = 6.3.0...

WordPress 123.chat plugin <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Shebu B sh3bu in WordPress Plugin 123.chat versions = 1.3.1...