12 matches found
CVE-2023-45828
Missing Authorization vulnerability in RumbleTalk RumbleTalk Live Group Chat rumbletalk-chat-a-chat-with-themes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RumbleTalk Live Group Chat: from n/a through = 6.2.5...
EUVD-2025-26541
Malicious code in bioql PyPI...
CVE-2025-58626 WordPress RumbleTalk Live Group Chat Plugin <= 6.3.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RumbleTalk RumbleTalk Live Group Chat rumbletalk-chat-a-chat-with-themes allows Stored XSS.This issue affects RumbleTalk Live Group Chat: from n/a through = 6.3.5...
CVE-2025-58626
CVE-2025-58626 corresponds to a stored XSS vulnerability in the WordPress plugin RumbleTalk Live Group Chat (HTML5) affecting versions up to and including 6.3.5 . The issue stems from improper input neutralization during web page generation, enabling stored cross-site scripting and impacting site...
CVE-2023-45828 WordPress RumbleTalk Live Group Chat plugin <= 6.2.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in RumbleTalk RumbleTalk Live Group Chat rumbletalk-chat-a-chat-with-themes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RumbleTalk Live Group Chat: from n/a through = 6.2.5...
CVE-2023-45828 WordPress RumbleTalk Live Group Chat plugin <= 6.2.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in RumbleTalk RumbleTalk Live Group Chat rumbletalk-chat-a-chat-with-themes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RumbleTalk Live Group Chat: from n/a through = 6.2.5...
CVE-2024-8720
The RumbleTalk Live Group Chat – HTML5 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rumbletalk-admin-button' shortcode in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-8720 RumbleTalk Live Group Chat – HTML5 <= 6.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The RumbleTalk Live Group Chat – HTML5 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rumbletalk-admin-button' shortcode in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-8720
CVE-2024-8720 affects the RumbleTalk Live Group Chat – HTML5 WP plugin. The stored XSS vulnerability exists in the rumbletalk-admin-button shortcode in all versions up to and including 6.3.0 due to insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requi...
WordPress plugin RumbleTalk Live Group Chat 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
WordPress RumbleTalk Live Group Chat Plugin <= 6.3.0 is vulnerable to Cross Site Scripting (XSS)
Software RumbleTalk Live Group Chat Type Plugin Vulnerable versions = 6.3.0 Fixed in 6.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8720 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0ff096209d81 Credits stealthcopter...
WordPress RumbleTalk Live Group Chat Plugin <= 6.2.5 is vulnerable to Broken Access Control
Software RumbleTalk Live Group Chat Type Plugin Vulnerable versions = 6.2.5 Fixed in 6.2.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-45828 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 142311804af3 Credits Mika Require...