5 matches found
CVE-2026-0736
The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inpostheadscriptsynthheaderscript' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible fo...
CVE-2026-0736 Chatbot for WordPress by Collect.chat ⚡️ <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Field
The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inpostheadscriptsynthheaderscript' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible fo...
CVE-2026-0736
CVE-2026-0736 describes a stored cross-site scripting vulnerability in the WordPress plugin “Chatbot for WordPress by Collect.chat” for versions up to 2.4.8. The root cause is insufficient input sanitization and output escaping in the post meta field _inpost_head_script[synth_header_script]. Expl...
PT-2026-8066
The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ' inpost head scriptsynth header script' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2024-6498
The Chatbot for WordPress by Collect.chat ⚡️ WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...