Lucene search
K

44 matches found

CNNVD
CNNVD
added 2025/02/01 12:0 a.m.7 views

WordPress plugin Better Messages 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS8.3AI score0.00297EPSS
Exploits0References5
NVD
NVD
added 2024/12/04 3:15 a.m.26 views

CVE-2024-11813

The Pulsating Chat Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.1. This is due to missing or incorrect nonce validation on the aminchatbuttonsettingspage function. This makes it possible for unauthenticated attackers to update...

6.1CVSS0.00196EPSS
Exploits0References4
CVE
CVE
added 2024/12/04 2:40 a.m.50 views

CVE-2024-11813

CVE-2024-11813 affects the WordPress plugin Pulsating Chat Button (versions ≤ 1.3.6). The flaw is a Cross-Site Request Forgery that exploits missing nonce validation in amin_chat_button_settings_page(), allowing an unauthenticated attacker to trigger actions that update plugin settings and inject...

6.1CVSS7.2AI score0.00196EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/12/04 2:40 a.m.9 views

CVE-2024-11813 Pulsating Chat Button <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Pulsating Chat Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.1. This is due to missing or incorrect nonce validation on the aminchatbuttonsettingspage function. This makes it possible for unauthenticated attackers to update...

6.1CVSS7.2AI score0.00196EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/12/04 2:40 a.m.23 views

CVE-2024-11813 Pulsating Chat Button <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Pulsating Chat Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.1. This is due to missing or incorrect nonce validation on the aminchatbuttonsettingspage function. This makes it possible for unauthenticated attackers to update...

6.1CVSS0.00196EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/12/04 12:0 a.m.4 views

WordPress plugin Pulsating Chat Button 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

6.1CVSS8.3AI score0.00196EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/12/03 2:43 p.m.5 views

WordPress Pulsating Chat Button plugin <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Pulsating Chat Button versions = 1.4.1...

6.1CVSS5.9AI score0.00196EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/12/02 12:0 a.m.4 views

WordPress plugin Add Chat App Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

5.9CVSS5.9AI score0.00274EPSS
Exploits0References1
OSV
OSV
added 2023/12/29 11:15 a.m.5 views

CVE-2023-51361

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button allows Stored XSS.This issue affects Sticky Chat Widget: Click to chat, SMS,...

4.8CVSS7.3AI score0.00335EPSS
Exploits0References1
NVD
NVD
added 2023/12/29 11:15 a.m.21 views

CVE-2023-51361

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button allows Stored XSS.This issue affects Sticky Chat Widget: Click to chat, SMS,...

5.9CVSS0.00335EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/08/09 12:0 a.m.12 views

Chat Button < 1.8.10 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.4AI score0.00316EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/08/08 1:15 p.m.5 views

CVE-2023-32292

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in GetButton Chat Button by GetButton.Io plugin = 1.8.9.4 versions...

4.8CVSS7.3AI score0.00316EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/08/08 12:55 p.m.22 views

CVE-2023-32292 WordPress Chat Button Plugin <= 1.8.9.4 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in GetButton Chat Button by GetButton.Io plugin = 1.8.9.4 versions...

5.9CVSS5.5AI score0.00316EPSS
Exploits0References1
CVE
CVE
added 2023/08/08 12:55 p.m.69 views

CVE-2023-32292

The CVE-2023-32292 entry concerns the WordPress Chat Button plugin by GetButton.Io (versions

5.9CVSS5.1AI score0.00316EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/08 12:55 p.m.11 views

CVE-2023-32292 WordPress Chat Button Plugin <= 1.8.9.4 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in GetButton Chat Button by GetButton.Io plugin = 1.8.9.4 versions...

5.9CVSS5.6AI score0.00316EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/08/08 12:0 a.m.5 views

PT-2023-23705 · Getbutton.Io · Getbutton Chat Button

Name of the Vulnerable Software and Affected Versions: GetButton Chat Button by GetButton.Io plugin versions 1.8.9.4 and earlier Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with admin privileges can inject...

5.9CVSS5.3AI score0.00316EPSS
Exploits0References4
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.7 views

WordPress Chat Button- Leads and Order over Chat Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Chat Button- Leads and Order over Chat Type Plugin Vulnerable versions = 1.6.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4d0fb978d5e8 Credits Rafie...

6.2AI score0.00284EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/07/17 12:0 a.m.9 views

WordPress Chat Button Plugin <= 1.8.9.4 is vulnerable to Cross Site Scripting (XSS)

Software Chat Button Type Plugin Vulnerable versions = 1.8.9.4 Fixed in 1.8.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32292 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9c87f016ddc7 Credits Jayasuryapal G Required...

5.9CVSS5.7AI score0.00316EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.15 views

WordPress Chat Button- Leads and Order over Chat plugin <= 1.6.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Chat Button- Leads and Order over Chat plugin versions = 1.6.0. Solution Update the WordPress Chat Button- Leads and Order over Chat plugin to the latest available version at least 1.6.1...

3.7AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.12 views

WordPress Chat Button- Leads and Order over Chat plugin <= 1.6.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Chat Button- Leads and Order over Chat plugin versions = 1.6.0. Solution Update the WordPress Chat Button- Leads and Order over Chat plugin to the latest available version at least 1.6.1...

2AI score
Exploits0References2Affected Software1
Rows per page
Query Builder