2 matches found
CVE-2022-3415 Chat Bubble < 2.3 - Unauthenticated Stored Cross-Site Scripting
The Chat Bubble WordPress plugin before 2.3 does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin view the related contact message...
CVE-2022-3415
CVE-2022-3415 affects the WordPress Chat Bubble plugin prior to version 2.3. The issue is an unauthenticated Stored Cross-Site Scripting (XSS) vulnerability caused by improper sanitisation/escaping of certain contact parameters, which can trigger when an admin views the related contact message. A...