4 matches found

wpexploit
added 2024/04/03 12:0 a.m. · 244 views

Floating Chat Widget < 3.1.9 - Editor+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. 1. Go to "Chaty New Widget" 2. Create ...

AI score: 5.7 · EPSS: 0.00097
Exploits: 2 · References: 1
WPVulnDB
added 2024/04/03 12:0 a.m. · 19 views

Floating Chat Widget < 3.1.9 - Editor+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. PoC: 1. Go to "Chaty New Widget" 2...

AI score: 5.3 · EPSS: 0.00097
Exploits: 2 · References: 1 · Affected Software: 1
CNVD
added 2021/09/10 12:0 a.m. · 18 views

WordPress Plugin Cross-Site Scripting Vulnerability (CNVD-2021-94153)

WordPress is a PHP, MySQL and JavaScript based project and uses Node as its JavaScript dependency. A native development environment is available for getting up and running quickly. An XSS vulnerability exists in WordPress in version 5.8 beta 1, which is related to the affected version not properl...

CVSS: 7.6 · AI score: 0.2 · EPSS: 0.00817
Exploits: 0 · References: 1
Positive Technologies
added 2021/09/09 12:0 a.m. · 2 views

PT-2021-4498 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions 5.8 beta 1 through 5.8

Description: The issue is related to improper handling of HTML input in the Custom HTML feature of the widgets editor, introduced in WordPress 5.8 beta 1. This leads to stored XSS in the custom HTML...

CVSS: 7.6 · AI score: 5.8 · EPSS: 0.00817
Exploits: 0 · References: 11