3 matches found
CVE-2024-1761 WP Chat App <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes
The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'buttonColor' and 'phoneNumber'. This makes it...
CVE-2024-1761
CVE-2024-1761 : The WP Chat App plugin for WordPress is vulnerable to stored Cross‑Site Scripting via its widget/block attributes (notably buttonColor and phoneNumber) in all versions up to and including 3.6.1. This can allow authenticated attackers with contributor level or higher to inject arbi...
WordPress WP Chat App Plugin <= 3.6.1 is vulnerable to Cross Site Scripting (XSS)
Software WP Chat App Type Plugin Vulnerable versions = 3.6.1 Fixed in 3.6.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1761 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b848bc725213 Credits Ngô Thiên An ancorn Required...