41 matches found
CVE-2025-13975
The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apitoken' and 'roomid' settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
EUVD-2025-202954
The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apitoken' and 'roomid' settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-13975
The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apitoken' and 'roomid' settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-13975
CVE-2025-13975: The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the api_token and roomid settings in all versions up to 1.1.0. The issue requires authenticated admin access and affects multisite installs and sites where unfiltered_html is dis...
CVE-2025-13975 Contact Form 7 with ChatWork <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'api_token' and 'roomid' Settings
The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apitoken' and 'roomid' settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-13975 Contact Form 7 with ChatWork <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'api_token' and 'roomid' Settings
The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apitoken' and 'roomid' settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
WordPress plugin Contact Form 7 with ChatWork cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-50840
The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api token' and 'roomid' settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
WordPress Contact Form 7 with ChatWork plugin <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'api_token' and 'roomid' Settings vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'apitoken' and 'roomid' Settings vulnerability discovered by Yahya Oumani cyb3rnoob in WordPress Plugin Contact Form 7 with ChatWork versions <= 1.1.0...
EUVD-2018-1458
Malware in sbrugna...
EUVD-2024-44807
Malicious code in bioql PyPI...
EUVD-2023-36790
Malicious code in bioql PyPI...
CVE-2024-50307
Use of potentially dangerous function issue exists in Chatwork Desktop Application Windows versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file may be downloaded from an external website and executed. As a result, arbitrary code may be executed ...
CVE-2023-32546
Code injection vulnerability exists in Chatwork Desktop Application Mac 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user's consent...
Chatwork Desktop Application (Windows) uses a potentially dangerous function
Overview Chatwork Desktop Application Windows provided by kubell Co., Ltd. contains an issue with use of potentially dangerous function CWE-676, which allows a user to access an external website via a link in the application. RyotaK of Flatt Security Inc. directly reported this vulnerability to t...
CVE-2024-50307
Use of potentially dangerous function issue exists in Chatwork Desktop Application Windows versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file may be downloaded from an external website and executed. As a result, arbitrary code may be executed ...
CVE-2024-50307
Use of potentially dangerous function issue exists in Chatwork Desktop Application Windows versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file may be downloaded from an external website and executed. As a result, arbitrary code may be executed ...
CVE-2024-50307
CVE-2024-50307 affects Chatwork Desktop Application (Windows) before 2.9.2. The vulnerability arises from use of a potentially dangerous function (CWE-676) that can be exploited when a user clicks a specially crafted link, allowing an arbitrary file to be downloaded from an external site and exec...
CVE-2024-50307
Use of potentially dangerous function issue exists in Chatwork Desktop Application Windows versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file may be downloaded from an external website and executed. As a result, arbitrary code may be executed ...
Chatwork security vulnerability
Chatwork is a business group chat application from Chatwork, Inc. A security vulnerability exists in Chatwork versions prior to 2.9.2, which stems from the use of potentially dangerous functions that, if a user clicks on a specially constructed link in the application, could download and execute...