9 matches found
CVE-2023-0899
The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before outputting it back in the Shoutbox, leading to Stored Cross-Site Scripting which could be used against high privilege users such as admins...
CVE-2023-1020
The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
VulnCheck KEV: CVE-2023-1020
The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
The vulnerability of the WP Live Chat Shoutbox plugin of the WordPress content management system allows a hacker to execute arbitrary SQL code.
The vulnerability of the WP Live Chat Shoutbox plugin of the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...
CVE-2023-1020
The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2023-1020 Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQLi
The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
WordPress plugin Steveas WP Live Chat Shoutbox 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2023-6377 · WordPress · Steveas Wp Live Chat Shoutbox
Name of the Vulnerable Software and Affected Versions: The Steveas WP Live Chat Shoutbox WordPress plugin versions 1.4.2 and earlier Description: The issue is related to a SQL injection vulnerability. It occurs because a parameter is not properly sanitised and escaped before being used in a SQL...
WordPress Steveas WP Live Chat Shoutbox Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)
Software Steveas WP Live Chat Shoutbox Type Plugin Vulnerable versions = 1.4.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0899 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 96c9d942cc37 Credits Simone...