34 matches found
CVE-2024-29789 WordPress OneClick Chat to Order plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Walter Pinem OneClick Chat to Order allows Stored XSS. This issue affects OneClick Chat to Order: from n/a through 1.0.5...
CVE-2024-29789
CVE-2024-29789 – Stored XSS in Walter Pinem OneClick Chat to Order (WordPress). Affected: OneClick Chat to Order plugin versions from n/a up to 1.0.5. Root cause per description: improper neutralization of input during web page generation. Impact: stored cross-site scripting, enabling injection o...
WordPress OneClick Chat to Order Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: OneClick Chat to Order; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: 1.0.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29789; Patch priority: Low; CVSS severity: Low 6.5; PSID: 255b07899e6d; Credits: Ngô Thiên An ancorn from VNPT-V...
WordPress OneClick Chat to Order Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: OneClick Chat to Order; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: 1.0.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: Low; CVSS severity: Low 6.4; PSID: 703d2d9b7da8; Credits: WordFence; Required privileg...
CVE-2023-47546
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Walter Pinem OneClick Chat to Order plugin <= 1.0.4.2 versions...
Cross site scripting
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Walter Pinem OneClick Chat to Order plugin <= 1.0.4.2 versions...
CVE-2023-47546
CVE-2023-47546 affects Walter Pinem OneClick Chat to Order plugin (versions
WordPress Plugin OneClick Chat to Order Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin OneClick Chat to Order has...
WordPress OneClick Chat to Order Plugin <= 1.0.4.2 is vulnerable to Cross Site Scripting (XSS)
Software: OneClick Chat to Order; Type: Plugin; Vulnerable versions: <= 1.0.4.2; Fixed in: 1.0.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47546; Patch priority: Low; CVSS severity: Low 5.9; PSID: 1ef498384412; Credits: Luqman Hakim Y; Required...
CVE-2022-4760
The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hi...
CVE-2022-4760
The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hi...
CVE-2022-4760 OneClick Chat to Order < 1.0.4.2 - Contributor+ Stored XSS via Shortcode
The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hi...
WordPress plugin OneClick Chat to Order cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-15423 · WordPress · Oneclick Chat To Order
Name of the Vulnerable Software and Affected Versions: OneClick Chat to Order WordPress plugin versions prior to 1.0.4.2 Description: The issue arises from the plugin not validating and escaping some of its shortcode attributes before outputting them back in the page. This could allow users with ...