64 matches found
CVE-2026-7795
The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...
CVE-2026-7795 Click to Chat <= 4.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'num' Shortcode Parameter
The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...
CVE-2026-7795 Click to Chat <= 4.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'num' Shortcode Parameter
The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...
CVE-2026-7795
The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...
EUVD-2026-34949
The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...
CVE-2026-7795
The CVE covers the WordPress plugin Click to Chat – WA Widget. Affected component: the [chat] shortcode, parameter num. Root cause: insufficient escaping of user-supplied shortcode attributes inside a JavaScript string that ends up in an HTML onclick attribute; esc_attr() converts quotes to ', wh...
PT-2026-47132
Name of the Vulnerable Software and Affected Versions Click to Chat – WA Widget versions prior to 4.39 Description The plugin is subject to Stored Cross-Site Scripting. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages. This occurs because...
WordPress plugin Click to Chat – WA Widget 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress Click to Chat – HoliThemes plugin <= 4.39 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Valatty in WordPress Plugin Click to Chat versions = 4.39...
EUVD-2024-43347
Malicious code in bioql PyPI...
EUVD-2024-32417
Malicious code in bioql PyPI...
EUVD-2022-51824
Malicious code in bioql PyPI...
EUVD-2025-18334
Malicious code in bioql PyPI...
EUVD-2025-8529
Malicious code in bioql PyPI...
EUVD-2025-15759
Malicious code in bioql PyPI...
WordPress Click to Chat plugin <= 4.22 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via data-no_number Parameter vulnerability
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via data-nonumber Parameter vulnerability discovered by Asaf Mozes in WordPress Plugin Click to Chat versions = 4.22...
CVE-2025-5336
The Click to Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-nonumber’ parameter in all versions up to, and including, 4.22 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...
CVE-2025-5336 Click to Chat <= 4.22 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via data-no_number Parameter
The Click to Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-nonumber’ parameter in all versions up to, and including, 4.22 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...
CVE-2025-5336
CVE-2025-5336 concerns WordPress plugin “Click to Chat” for HoliThemes. The vulnerability is a Stored DOM-based Cross-Site Scripting via the data-no_number parameter in versions up to 4.22, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access a...
WordPress plugin Click to Chat 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Click to Chat plugin, which stems from insufficient input cleanup and escaping, and can be exploited by an attacker ...