4 matches found
CVE-2024-2837
The WP Chat App WordPress plugin before 3.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2024-2837
CVE-2024-2837 affects the WP Chat App WordPress plugin, prior to version 3.6.4. The vulnerability arises because the plugin does not sanitize and escape some settings, enabling high-privilege users (e.g., admins) to perform Cross-Site Scripting even when unfiltered_html is disallowed. Impact is d...
CVE-2024-2837 WP Chat App < 3.6.4 - Admin+ Stored XSS
The WP Chat App WordPress plugin before 3.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
WordPress WP Chat App Plugin < 3.6.4 is vulnerable to Cross Site Scripting (XSS)
Software WP Chat App Type Plugin Vulnerable versions 3.6.4 Fixed in 3.6.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2837 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b3b62a2992fa Credits Dmitrii Ignatyev Required...