8 matches found
CVE-2026-7795 Click to Chat <= 4.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'num' Shortcode Parameter
The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...
EUVD-2025-18334
Malicious code in bioql PyPI...
EUVD-2022-51824
Malicious code in bioql PyPI...
EUVD-2025-15759
Malicious code in bioql PyPI...
EUVD-2024-32417
Malicious code in bioql PyPI...
CVE-2025-5336
CVE-2025-5336 concerns WordPress plugin “Click to Chat” for HoliThemes. The vulnerability is a Stored DOM-based Cross-Site Scripting via the data-no_number parameter in versions up to 4.22, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access a...
WordPress plugin Click to Chat 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Click to Chat plugin, which stems from insufficient input cleanup and escaping, and can be exploited by an attacker ...
CVE-2025-39411
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in IndiePlugins WhatsApp Click to Chat Plugin for WordPress wpt-whatsapp.This issue affects WhatsApp Click to Chat Plugin for WordPress: from n/a through = 2.2.12...