CVE-2025-66099 WordPress Chat Help plugin <= 3.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeAtelier Chat Help chat-help allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chat Help: from n/a through = 3.1.3...

CVE-2025-66099 WordPress Chat Help plugin <= 3.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeAtelier Chat Help chat-help allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chat Help: from n/a through = 3.1.3...

EUVD-2024-29019

Malicious code in bioql PyPI...

CVE-2024-31108

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in iFlyChat Team iFlyChat – WordPress Chat iflychat allows Stored XSS.This issue affects iFlyChat – WordPress Chat: from n/a through 4.7.2...

CVE-2024-10533

The WP Chat App plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the ajaxinstallplugin function in all versions up to, and including, 3.6.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

PT-2024-32087 · WordPress · Wp Chat App

Name of the Vulnerable Software and Affected Versions: WP Chat App WordPress plugin versions prior to 3.6.5 Description: The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks even when unfiltered html is disallowed, due to the plugin not sanitising and...

PT-2024-22402 · WordPress · Wp Chat App

Name of the Vulnerable Software and Affected Versions: WP Chat App WordPress plugin versions prior to 3.6.4 Description: The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks even when unfiltered html is disallowed, due to the plugin not sanitizing and...

WordPress Plugin WP Chat App 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

WP Chat App < 3.6.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed 1. Navigate to http://vulnerable-site.tld/wp-admin/admin.php?page=ntawhatsappfloatingwidge...

WordPress WP Chat App Plugin <= 3.6.2 is vulnerable to Cross Site Scripting (XSS)

Software WP Chat App Type Plugin Vulnerable versions = 3.6.2 Fixed in 3.6.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2513 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3da0694e8a8a Credits Ngô Thiên An ancorn Required...

CVE-2024-31108

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in iFlyChat Team iFlyChat – WordPress Chat iflychat allows Stored XSS.This issue affects iFlyChat – WordPress Chat: from n/a through 4.7.2...

CVE-2024-31108

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in iFlyChat Team iFlyChat – WordPress Chat iflychat allows Stored XSS.This issue affects iFlyChat – WordPress Chat: from n/a through 4.7.2...

CVE-2024-31108

CVE-2024-31108 relates to iFlyChat – WordPress Chat (plugin), with a Stored XSS vulnerability in the web page generation input handling. The issue affects iFlyChat – WordPress Chat from n/a through 4.7.2, per the description. The connected data notes the vulnerability as a vulnerability in an act...

WordPress Chat Bubble Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS)

Software Chat Bubble Type Plugin Vulnerable versions = 2.3 Fixed in 2.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0898 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 32320d8c2073 Credits Dipak Panchal th3.d1p4k Required...

WordPress Plugin WP Chat App Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

CVE-2023-48769 WordPress Chat Bubble Plugin <= 2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Blue Coral Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back.This issue affects Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back: from n/a through 2.3...

WordPress Chat Bubble Plugin <= 2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Chat Bubble Type Plugin Vulnerable versions = 2.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-48769 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7b343028245d Credits RE-ALTER Required privilege...

WordPress Chat Button- Leads and Order over Chat Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Chat Button- Leads and Order over Chat Type Plugin Vulnerable versions = 1.6.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4d0fb978d5e8 Credits Rafie...

WordPress Chat Button Plugin <= 1.8.9.4 is vulnerable to Cross Site Scripting (XSS)

Software Chat Button Type Plugin Vulnerable versions = 1.8.9.4 Fixed in 1.8.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32292 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9c87f016ddc7 Credits Jayasuryapal G Required...

WordPress Chat Bee Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Chat Bee Type Plugin Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-26538 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ab7127aea89c Credits Lokesh Dachepalli Required...