Lucene search
K

9 matches found

CNVD
CNVD
added 2025/10/13 12:0 a.m.2 views

WordPress Chatwee plugin cross-site request forgery vulnerability

WordPress Chatwee plugin is a plugin for adding live chat functionality to your WordPress website with multi-language and internationalization support. The WordPress Chatwee plugin suffers from a cross-site request forgery vulnerability that stems from the WEB application not adequately verifying...

4.3CVSS6.9AI score0.00151EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-31684

Malicious code in bioql PyPI...

4.3CVSS6.6AI score0.00151EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/01 4:23 a.m.9 views

CVE-2025-9948

The Chat by Chatwee plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on the admin settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a...

4.3CVSS5.3AI score0.00151EPSS
Exploits0References1
NVD
NVD
added 2025/09/30 11:37 a.m.9 views

CVE-2025-9948

The Chat by Chatwee plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on the admin settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a...

4.3CVSS0.00151EPSS
Exploits0References3
CVE
CVE
added 2025/09/30 3:35 a.m.16 views

CVE-2025-9948

The CVE-2025-9948 entry corresponds to the WordPress plugin Chat by Chatwee, vulnerable to Cross-Site Forgery (CSRF) on the admin settings page in all versions up to 2.1.3. The root cause is missing or incorrect nonce validation, allowing unauthenticated attackers to modify plugin settings by tri...

4.3CVSS5AI score0.00151EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/30 3:35 a.m.8 views

CVE-2025-9948 Chat by Chatwee <= 2.1.3 - Cross-Site Request Forgery to Settings Update

The Chat by Chatwee plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on the admin settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a...

4.3CVSS0.00151EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.6 views

PT-2025-39950

Name of the Vulnerable Software and Affected Versions Chat by Chatwee plugin for WordPress versions through 2.1.3 Description The Chat by Chatwee plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF. This is a result of inadequate or missing nonce validation on the admin setting...

4.3CVSS6.2AI score0.00151EPSS
Exploits0References6
Patchstack
Patchstack
added 2025/09/29 11:52 p.m.4 views

WordPress Chat by Chatwee plugin <= 2.1.3 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Nabil Irawan in WordPress Plugin Chat by Chatwee versions = 2.1.3...

4.3CVSS6.7AI score0.00151EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/03/31 2:5 p.m.4 views

WordPress Chat by Chatwee plugin <= 2.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika in WordPress Plugin Chat by Chatwee versions = 2.1.3...

4.3CVSS7AI score0.00248EPSS
Exploits0Affected Software1
Rows per page
Query Builder