Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:57 a.m.6 views

CVE-2023-0899

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before outputting it back in the Shoutbox, leading to Stored Cross-Site Scripting which could be used against high privilege users such as admins...

6.1CVSS5.5AI score0.00458EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:53 a.m.3 views

CVE-2023-1020

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

9.8CVSS9.1AI score0.0499EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/27 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-1020

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

9.8CVSS7.4AI score0.0499EPSS
Exploits2References1
BDU FSTEC
BDU FSTEC
added 2023/10/25 12:0 a.m.7 views

The vulnerability of the WP Live Chat Shoutbox plugin of the WordPress content management system allows a hacker to execute arbitrary SQL code.

The vulnerability of the WP Live Chat Shoutbox plugin of the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...

10CVSS8.2AI score0.0499EPSS
Exploits2References4Affected Software1
NVD
NVD
added 2023/04/24 7:15 p.m.26 views

CVE-2023-1020

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

9.8CVSS9.8AI score0.0499EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/04/24 6:30 p.m.27 views

CVE-2023-1020 Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQLi

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

10AI score0.0499EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/04/24 12:0 a.m.4 views

WordPress plugin Steveas WP Live Chat Shoutbox 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.1CVSS6.3AI score0.00458EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/04/24 12:0 a.m.9 views

PT-2023-6377 · WordPress · Steveas Wp Live Chat Shoutbox

Name of the Vulnerable Software and Affected Versions: The Steveas WP Live Chat Shoutbox WordPress plugin versions 1.4.2 and earlier Description: The issue is related to a SQL injection vulnerability. It occurs because a parameter is not properly sanitised and escaped before being used in a SQL...

9.8CVSS9.7AI score0.0499EPSS
Exploits2References9
Patchstack
Patchstack
added 2023/04/12 12:0 a.m.11 views

WordPress Steveas WP Live Chat Shoutbox Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)

Software Steveas WP Live Chat Shoutbox Type Plugin Vulnerable versions = 1.4.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0899 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 96c9d942cc37 Credits Simone...

6.1CVSS5.6AI score0.00458EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder