CVE-2024-4149

CVE-2024-4149 affects the Floating Chat Widget (Chaty) WordPress plugin prior to 3.2.3. The vulnerability stems from unsanitized/uncleaned settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Affected version range: before 3.2.3. The impact...