CVE-2026-27370

CVE-2026-27370 describes an information-disclosure flaw in WordPress Chaty plugin (versions up to and including 3.5.1). The issue is labeled as an insertion of sensitive information into sent data, enabling retrieval of embedded sensitive data. Affected product: Chaty (WordPress plugin). Underlyi...

CVE-2026-27370 WordPress Chaty plugin <= 3.5.1 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Premio Chaty chaty allows Retrieve Embedded Sensitive Data.This issue affects Chaty: from n/a through = 3.5.1...

WordPress Chaty plugin <= 3.5.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin Chaty versions = 3.5.1...

WordPress Chaty plugin <= 3.3.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Chaty versions = 3.3.5...

WordPress Chaty plugin < 3.1.9 - Editor+ Stored XSS vulnerability

Editor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Chaty versions 3.1.9...

WordPress Chaty Plugin < 3.1.9 is vulnerable to Cross Site Scripting (XSS)

Software Chaty Type Plugin Vulnerable versions 3.1.9 Fixed in 3.1.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2972 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID de00cfe54026 Credits Dmitrii Ignatyev Required privilege...

WordPress Chaty Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Chaty Type Plugin Vulnerable versions = 3.1.2 Fixed in 3.1.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47759 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f6b69b724ed3 Credits emad Required privilege Administrator Published ...

WordPress Chaty Plugin < 3.1.2 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:premio:chaty"; ifdescription...

WordPress Chaty Plugin <= 3.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Chaty Type Plugin Vulnerable versions = 3.1.1 Fixed in 3.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3245 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f10b64625618 Credits Dipak Panchal Required privilege...

WordPress Chaty Plugin <= 3.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Chaty Type Plugin Vulnerable versions = 3.0.9 Fixed in 3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25019 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 46b92040d289 Credits Rafie Muhammad Patchstack...

WordPress Chaty Pro premium plugin <= 2.8.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Chaty Pro premium plugin versions = 2.8.1. Solution Update the WordPress Chaty Pro premium plugin to the latest available version at least 2.8.2...