14 matches found
Giga Messenger WordPress - Cross-Site Scripting
Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...
CVE-2026-3506
The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...
CVE-2026-3506
The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...
CVE-2025-66113 WordPress Better Chat Support for Messenger plugin <= 1.2.18 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThemeAtelier Better Chat Support for Messenger better-chat-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Chat Support for Messenger: from n/a through = 1.2.18...
CVE-2025-66113
CVE-2025-66113 affects the WordPress plugin Better Chat Support for Messenger (ThemeAtelier) up to version 1.2.18, describing a Missing Authorization / Broken Access Control vulnerability. Connected sources (Wordfence intelligence report and PatchStack) confirm the issue and indicate a patch has ...
WordPress Better Chat Support for Messenger plugin <= 1.2.18 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Better Chat Support for Messenger versions = 1.2.18...
Cross-site Scripting (XSS)
Overview @tawk.to/tawk-messenger-vue-3 is an Official Vue 3 plugin for Tawk messenger Affected versions of this package are vulnerable to Cross-site Scripting XSS via the tawkFileUpload endpoint in the chatbot. An attacker can execute arbitrary JavaScript code in the browser of other users by...
CVE-2024-13328
The Giga Messenger WordPress plugin through 2.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13328
The Giga Messenger WordPress plugin through 2.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PT-2025-2114
Name of the Vulnerable Software and Affected Versions Giga Messenger WordPress plugin versions 2.3.1 and earlier Description The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitized and escaped before being outputted back in the page. This coul...
CVE-2023-32581
Missing Authorization vulnerability in larrykim WP-Chatbot for Messenger wp-chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Chatbot for Messenger: from n/a through = 4.7...
WordPress WP-Chatbot for Messenger Plugin <= 4.7 is vulnerable to Broken Access Control
Software WP-Chatbot for Messenger Type Plugin Vulnerable versions = 4.7 Fixed in 4.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32581 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 86362c6f5292 Credits István Márton Required...
SUSE CVE-2010-0277
slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service memory corruption and application crash or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a...
Miranda instant messenger multiple security vulnerabilities
Yahoo! messenger plugin multiple buffer overflows...