CVE-2025-3774

The Wise Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...

CVE-2025-3774

The Wise Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...

CVE-2025-3774

CVE-2025-3774 covers Wise Chat for WordPress (versions up to and including 3.3.4) with an unauthenticated Stored XSS via the X-Forwarded-For header. The vulnerability stems from insufficient input sanitization and output escaping, enabling attackers to inject scripts that execute when users load ...

CVE-2024-13613

The Wise Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.3 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which c...

CVE-2024-13613

CVE-2024-13613 concerns the Wise Chat WordPress plugin. The vulnerability allows unauthenticated attackers to access sensitive data stored under the uploads directory (wp-content/uploads), exposing file attachments included in chat messages. Affected versions go up to and including 3.3.3, with pa...

CVE-2024-13613 Wise Chat <= 3.3.3 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory

The Wise Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.3 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which c...

PT-2025-21786 · WordPress · Wise Chat

Name of the Vulnerable Software and Affected Versions: Wise Chat plugin for WordPress versions prior to 3.3.4 Description: The issue allows unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory, which can contain file attachments included in ch...

WordPress Plugin Wise Chat Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Wise Chat Plugin <= 3.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Wise Chat Type Plugin Vulnerable versions = 3.1.3 Fixed in 3.1.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32504 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 14930cd15ca4 Credits Justiice Required privile...

WordPress Wise Chat Plugin Has Unspecified Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports in PHP and MySQL servers to set up a personal blog site.Wise Chat plugin is used in one of the live chat plugin. An unspecified vulnerability exists in the WordPress Wis...

WordPress Wisechat 2.6.3 Forced Redirect / Phishing

Exploit Title: Wordpress Plugin Wisechat if window.opener window.opener.parent.location.replace'http://mtk911.cf/'; if window.parent != window window.parent.location.replace'http://mtk911.cf/'; Open Redirect TEST when you click on that user. This opens in a new tab, and the parent tab is silently...

CVE-2019-6780

The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer...

CVE-2019-6780

The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer...

CVE-2019-6780

The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer...