Lucene search
+L

64 matches found

nvd
nvd
added 2026/06/06 4:17 a.m.17 views

CVE-2026-7795

The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...

6.4CVSS0.00288EPSS
Exploits0References11
attackerkb
attackerkb
added 2026/06/06 2:28 a.m.8 views

CVE-2026-7795

The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...

6.4CVSS5.8AI score0.00288EPSS
Exploits0References12
euvd
euvd
added 2026/06/06 2:28 a.m.15 views

EUVD-2026-34949

The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...

6.4CVSS5.8AI score0.00288EPSS
Exploits0References11
cve
cve
added 2026/06/06 2:28 a.m.35 views

CVE-2026-7795

The CVE covers the WordPress plugin Click to Chat – WA Widget. Affected component: the [chat] shortcode, parameter num. Root cause: insufficient escaping of user-supplied shortcode attributes inside a JavaScript string that ends up in an HTML onclick attribute; esc_attr() converts quotes to ', wh...

6.4CVSS5.8AI score0.00288EPSS
Exploits0References11
cvelist
cvelist
added 2026/06/06 2:28 a.m.46 views

CVE-2026-7795 Click to Chat <= 4.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'num' Shortcode Parameter

The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...

6.4CVSS0.00288EPSS
Exploits0References11
vulnrichment
vulnrichment
added 2026/06/06 2:28 a.m.10 views

CVE-2026-7795 Click to Chat <= 4.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'num' Shortcode Parameter

The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...

6.4CVSS5.8AI score0.00288EPSS
Exploits0References11
cnnvd
cnnvd
added 2026/06/06 12:0 a.m.15 views

WordPress plugin Click to Chat – WA Widget 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.3AI score0.00288EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/06/06 12:0 a.m.36 views

PT-2026-47132

Name of the Vulnerable Software and Affected Versions Click to Chat – WA Widget versions prior to 4.39 Description The plugin is subject to Stored Cross-Site Scripting. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages. This occurs because...

6.4CVSS5.9AI score0.00288EPSS
Exploits0References14
patchstack
patchstack
added 2026/06/05 1:37 p.m.11 views

WordPress Click to Chat – HoliThemes plugin <= 4.39 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Valatty in WordPress Plugin Click to Chat versions = 4.39...

6.4CVSS5.4AI score0.00288EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-51824

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00534EPSS
Exploits2References1
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-18334

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.00231EPSS
Exploits0References7
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-15759

Malicious code in bioql PyPI...

7.5CVSS8.2AI score0.00467EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-32417

Malicious code in bioql PyPI...

8.8CVSS6.4AI score0.01691EPSS
Exploits0References12
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-43347

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00509EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-8529

Malicious code in bioql PyPI...

6.5CVSS9AI score0.00187EPSS
Exploits0References2
patchstack
patchstack
added 2025/06/17 9:18 a.m.10 views

WordPress Click to Chat plugin <= 4.22 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via data-no_number Parameter vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via data-nonumber Parameter vulnerability discovered by Asaf Mozes in WordPress Plugin Click to Chat versions = 4.22...

6.4CVSS5.9AI score0.00231EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2025/06/14 9:15 a.m.10 views

CVE-2025-5336

The Click to Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-nonumber’ parameter in all versions up to, and including, 4.22 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...

6.4CVSS0.00231EPSS
Exploits0References5
cve
cve
added 2025/06/14 8:23 a.m.43 views

CVE-2025-5336

CVE-2025-5336 concerns WordPress plugin “Click to Chat” for HoliThemes. The vulnerability is a Stored DOM-based Cross-Site Scripting via the data-no_number parameter in versions up to 4.22, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access a...

6.4CVSS5.7AI score0.00231EPSS
Exploits0References5
cvelist
cvelist
added 2025/06/14 8:23 a.m.11 views

CVE-2025-5336 Click to Chat <= 4.22 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via data-no_number Parameter

The Click to Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-nonumber’ parameter in all versions up to, and including, 4.22 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...

6.4CVSS0.00231EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2025/06/14 12:0 a.m.5 views

PT-2025-25474 · WordPress · Click To Chat

Name of the Vulnerable Software and Affected Versions: Click to Chat plugin for WordPress versions up to, and including, 4.22 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attackers with...

6.4CVSS5.7AI score0.00231EPSS
Exploits0References9
Rows per page
Query Builder