Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:19 a.m.18 views

CVE-2024-2837

The WP Chat App WordPress plugin before 3.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

5.4CVSS6AI score0.00522EPSS
Exploits2References1
CVE
CVE
added 2024/04/26 5:0 a.m.84 views

CVE-2024-2837

CVE-2024-2837 affects the WP Chat App WordPress plugin, prior to version 3.6.4. The vulnerability arises because the plugin does not sanitize and escape some settings, enabling high-privilege users (e.g., admins) to perform Cross-Site Scripting even when unfiltered_html is disallowed. Impact is d...

5.4CVSS8.3AI score0.00522EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2024/04/26 5:0 a.m.32 views

CVE-2024-2837 WP Chat App < 3.6.4 - Admin+ Stored XSS

The WP Chat App WordPress plugin before 3.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

5.9AI score0.00522EPSS
Exploits2References1
Patchstack
Patchstack
added 2024/04/26 12:0 a.m.25 views

WordPress WP Chat App Plugin < 3.6.4 is vulnerable to Cross Site Scripting (XSS)

Software WP Chat App Type Plugin Vulnerable versions 3.6.4 Fixed in 3.6.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2837 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b3b62a2992fa Credits Dmitrii Ignatyev Required...

5.4CVSS5.7AI score0.00522EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder