CVE-2024-10533

The WP Chat App plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the ajaxinstallplugin function in all versions up to, and including, 3.6.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

PT-2024-32087 · WordPress · Wp Chat App

Name of the Vulnerable Software and Affected Versions: WP Chat App WordPress plugin versions prior to 3.6.5 Description: The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks even when unfiltered html is disallowed, due to the plugin not sanitising and...

PT-2024-22402 · WordPress · Wp Chat App

Name of the Vulnerable Software and Affected Versions: WP Chat App WordPress plugin versions prior to 3.6.4 Description: The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks even when unfiltered html is disallowed, due to the plugin not sanitizing and...

WordPress Plugin WP Chat App 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

WordPress WP Chat App Plugin <= 3.6.2 is vulnerable to Cross Site Scripting (XSS)

Software WP Chat App Type Plugin Vulnerable versions = 3.6.2 Fixed in 3.6.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2513 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3da0694e8a8a Credits Ngô Thiên An ancorn Required...