7 matches found
EUVD-2024-50868
Malicious code in bioql PyPI...
CVE-2024-12451
The HTML5 chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HTML5CHAT' shortcode in all versions up to, and including, 1.07 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-12451
The HTML5 chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HTML5CHAT' shortcode in all versions up to, and including, 1.04 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-12451
The HTML5 chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HTML5CHAT' shortcode in all versions up to, and including, 1.07 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-12451 HTML5 chat <= 1.07 - Authenticated (Contributor+) Stored Cross-Site Scripting
The HTML5 chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HTML5CHAT' shortcode in all versions up to, and including, 1.07 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-12451
CVE-2024-12451 documents a Stored Cross-Site Scripting (XSS) flaw in the HTML5 chat WordPress plugin (versions up to and including 1.04) via the HTML5CHAT shortcode due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or higher can inje...
PT-2025-1853 · WordPress · Html5 Chat Plugin
Name of the Vulnerable Software and Affected Versions: HTML5 Chat Plugin for WordPress versions 1.04 and earlier Description: The issue concerns a Stored Cross-Site Scripting vulnerability in the HTML5 chat plugin for WordPress. This vulnerability is due to insufficient input sanitization and...