CVE-2024-49281

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Ninja Team Click to Chat – WP Support All-in-One Floating Widget support-chat allows Stored XSS.This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through =...

WordPress Click to Chat – WP Support All-in-One Floating Widget plugin <= 2.3.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Gab in WordPress Plugin Click to Chat – WP Support All-in-One Floating Widget versions = 2.3.4...

CVE-2024-10055 Click to Chat – WP Support All-in-One Floating Widget <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsaio_snapchat Shortcode

The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaiosnapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes...

WordPress Click to Chat – WP Support All-in-One Floating Widget Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Click to Chat – WP Support All-in-One Floating Widget Type Plugin Vulnerable versions = 2.3.3 Fixed in 2.3.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49281 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 953e712df67a Credits...