12 matches found
CVE-2026-0736
The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inpostheadscriptsynthheaderscript' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible fo...
CVE-2026-0736 Chatbot for WordPress by Collect.chat ⚡️ <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Field
The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inpostheadscriptsynthheaderscript' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible fo...
CVE-2026-0736
The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inpostheadscriptsynthheaderscript' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible fo...
CVE-2026-0736
CVE-2026-0736 describes a stored cross-site scripting vulnerability in the WordPress plugin “Chatbot for WordPress by Collect.chat” for versions up to 2.4.8. The root cause is insufficient input sanitization and output escaping in the post meta field _inpost_head_script[synth_header_script]. Expl...
PT-2026-8066
The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ' inpost head scriptsynth header script' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possib...
WordPress plugin Chatbot for WordPress by Collect.chat 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress Chatbot for WordPress by Collect.chat ⚡️ plugin <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Field vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Post Meta Field vulnerability discovered by Deadbee - NA in WordPress Plugin collectchat versions = 2.4.8...
EUVD-2024-28357
Malicious code in bioql PyPI...
CVE-2024-30436
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Collect.Chat Inc. Collectchat allows Stored XSS.This issue affects Collectchat: from n/a through 2.4.1...
CVE-2024-6498
The Chatbot for WordPress by Collect.chat ⚡️ WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2024-30436 WordPress Collect.chat plugin <= 2.4.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Collect.Chat Inc. Collectchat allows Stored XSS.This issue affects Collectchat: from n/a through 2.4.1...
CVE-2024-30436
CVE-2024-30436 is a Stored XSS in Collect.chat WordPress plugin. Affected: Collect.chat (WordPress plugin) up to version 2.4.1. Root cause: improper neutralization of input during web page generation. Impact: stored cross-site scripting could be triggered within authenticated sessions (Contributo...