CVE-2024-2837

The WP Chat App WordPress plugin before 3.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

CVE-2024-2513

The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'imageAlt' block attribute in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

EUVD-2024-33167

Malicious code in bioql PyPI...

EUVD-2023-56091

Malicious code in bioql PyPI...

CVE-2023-51370

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NinjaTeam WP Chat App allows Stored XSS.This issue affects WP Chat App: from n/a through 3.4.4...

WordPress WP Chat App plugin <= 3.6.8 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation vulnerability

Missing Authorization to Authenticated Subscriber+ Filebird Plugin Installation vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin WP Chat App versions = 3.6.8...

WordPress WP Chat App plugin < 3.6.5 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin WP Chat App versions 3.6.5...

CVE-2024-4664

The WP Chat App WordPress plugin before 3.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

CVE-2024-4664

The WP Chat App WordPress plugin before 3.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

CVE-2024-4664 WP Chat App < 3.6.5 - Admin+ Stored XSS

The WP Chat App WordPress plugin before 3.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

WordPress WP Chat App Plugin < 3.6.5 is vulnerable to Cross Site Scripting (XSS)

Software WP Chat App Type Plugin Vulnerable versions 3.6.5 Fixed in 3.6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4664 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID d88d11629e30 Credits Krugov Artyom Required privile...

WordPress Plugin WP Chat App Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin WP Chat App 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-1761

The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'buttonColor' and 'phoneNumber'. This makes it...

CVE-2024-1761

The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'buttonColor' and 'phoneNumber'. This makes it...

Cross site scripting

The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'buttonColor' and 'phoneNumber'. This makes it...

CVE-2024-1761

CVE-2024-1761 : The WP Chat App plugin for WordPress is vulnerable to stored Cross‑Site Scripting via its widget/block attributes (notably buttonColor and phoneNumber) in all versions up to and including 3.6.1. This can allow authenticated attackers with contributor level or higher to inject arbi...

CVE-2023-51370

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NinjaTeam WP Chat App allows Stored XSS.This issue affects WP Chat App: from n/a through 3.4.4...

CVE-2023-51370

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NinjaTeam WP Chat App allows Stored XSS.This issue affects WP Chat App: from n/a through 3.4.4...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NinjaTeam WP Chat App allows Stored XSS.This issue affects WP Chat App: from n/a through 3.4.4...