Malicious code in kurumi-fca (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f90450e6ca1502bf6287d945c37c4c64f59e624a4269ab8e07600a9db5e755d0 kurumi-fca is a Facebook Chat API library whose advertised purpose is to listen to Messenger events for the caller. Two undisclosed behaviors make it...

EUVD-2020-30790

Malware in sbrugna...

EUVD-2025-22148

Malicious code in bioql PyPI...

MAL-2025-20143 Malicious code in facebook-chat-api-deku (npm)

The package facebook-chat-api-deku was found to contain malicious code...

Malicious code in facebook-chat-api-deku (npm)

The package facebook-chat-api-deku was found to contain malicious code...

CVE-2025-51397

A stored cross-site scripting XSS vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists...

CVE-2025-51397

A stored cross-site scripting XSS vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists...

CVE-2025-51397

A stored cross-site scripting XSS vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists...

live helper chat 安全漏洞

Live Helper Chat is an open source plugin that supports online chat by an individual developer Live Helper Chat. Provides chat functionality for web platforms. A security vulnerability exists in live helper chat version v4.60, which stems from insufficient validation of the Surname parameter inpu...

PT-2025-30331 · Meta +1 · Facebook Chat +1

Name of the Vulnerable Software and Affected Versions: Live Helper Chat versions 4.60 Description: A stored cross-site scripting XSS vulnerability exists in the Facebook Chat module. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Surname...

CVE-2025-51397

CVE-2025-51397 is a stored XSS in Live Helper Chat (Facebook Chat module) affecting version 4.60 (and around 4.61 according to some sources). The vulnerability occurs when an attacker injects a crafted payload into the Recipient List’s Surname field, which is stored and can execute script when an...

CVE-2025-51397

A stored cross-site scripting XSS vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists...

CVE-2025-51397

A stored cross-site scripting XSS vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists...

CVE-2020-36838

The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wpajaxupdateoptions function in versions up to, and including, 1.5. This flaw makes it possible for low-level authenticated attackers to connect their own Facebook Messenger accou...

CVE-2020-36838

The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wpajaxupdateoptions function in versions up to, and including, 1.5. This flaw makes it possible for low-level authenticated attackers to connect their own Facebook Messenger accou...

CVE-2020-36838 Facebook Chat Plugin <= 1.5 - Missing Capabilities Check

The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wpajaxupdateoptions function in versions up to, and including, 1.5. This flaw makes it possible for low-level authenticated attackers to connect their own Facebook Messenger accou...

WordPress plugin Facebook Chat 访问控制错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control...

PT-2024-10848 · Facebook · Facebook Chat Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: Facebook Chat Plugin for WordPress versions up to and including 1.5 Description: The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp ajax update options function. This flaw...

WordPress The Official Facebook Chat Plugin <= 1.5 - Authenticated Options Change vulnerability

Authenticated Options Change vulnerability discovered by WordFence in WordPress The Official Facebook Chat Plugin versions = 1.5. Solution Update the WordPress The Official Facebook Chat Plugin to the latest available version at least 1.6...

The Official WordPress Facebook Chat Plugin < 1.6 - Authenticated Options Change to Chat Takeover

This flaw made it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites. PoC Obtain PageID from a test Facebook Page found under page - about - pageID. Use...