5 matches found
CVE-2022-27849
The CVE-2022-27849 entry concerns WordPress Simple Ajax Chat plugin versions before 20220216, where unauthenticated users can access the sac-export.csv data due to improper access restrictions, leading to sensitive information disclosure. The connected Nuclei template confirms the basic vector (d...
CVE-2022-25610
CVE-2022-25610 affects the WordPress plugin Simple Ajax Chat ≤ 20220115. The vulnerability is an unauthenticated Stored Cross-Site Scripting (XSS) due to insufficient data validation/filtering of user input and output, allowing an attacker to store malicious code. Multiple connected sources corro...
CVE-2022-27850
CVE-2022-27850: WordPress plugin Simple Ajax Chat contains a Cross-Site Request Forgery (CSRF) flaw up to version 20220115 that lets an attacker clear chat logs or delete messages. Public records note the vulnerable component is the plugin’s chat-management actions and that updating to at least ...
CVE-2024-1983
CVE-2024-1983 affects the WordPress plugin Simple Ajax Chat (formerly Simple Ajax Chat – Add a Fast, Secure Chat Box). The Red Hat/NVD description (and related sources) states the issue is that the plugin does not prevent visitors from using malicious Names in chat, which are reflected unsanitized...
CVE-2024-2470
CVE-2024-2470 affects the WordPress plugin Simple Ajax Chat, with the issue occurring in versions prior to 20240412. The vulnerability stems from insufficient sanitisation/escaping of certain plugin settings, enabling Stored XSS by high-privilege users (e.g., administrators), even when unfiltered...