6 matches found
WordPress Chat Help plugin missing authorization vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A missing authorization vulnerability exists in the WordPress Chat Help plugin, which can be exploited by an attacker to leverage an incorrectly configured access control securi...
CVE-2025-66099
CVE-2025-66099 concerns a missing authorization vulnerability in the WordPress Chat Help plugin (WordPress). The connected sources describe a Broken/Missing Access Control issue allowing exploitation due to an incorrectly configured access control security level, affecting plugin versions ≤ 3.1.3...
WordPress plugin Chat Help 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A missing authorization vulnerability exists in the WordPress Chat Help plugin, which can be exploited by an attacker to leverage an incorrectly configured access control securi...
WordPress Chat Help plugin <= 3.1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Kim YunJi in WordPress Plugin Chat Help versions = 3.1.3...
CVE-2025-12410
The SH Contextual Help plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation in the shcontextualhelpdashboardwidget function. This makes it possible for unauthenticated attackers to update...
EC-CUBE plugin "Help plug-in" vulnerable to SQL injection
Overview EC-CUBE plugin "Help plug-in" provided by Cuore contains an SQL injection vulnerability CWE-89. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...