3 matches found
CVE-2022-25610
CVE-2022-25610 affects the WordPress plugin Simple Ajax Chat ≤ 20220115. The vulnerability is an unauthenticated Stored Cross-Site Scripting (XSS) due to insufficient data validation/filtering of user input and output, allowing an attacker to store malicious code. Multiple connected sources corro...
CVE-2024-1983
CVE-2024-1983 affects the WordPress plugin Simple Ajax Chat (formerly Simple Ajax Chat – Add a Fast, Secure Chat Box). The Red Hat/NVD description (and related sources) state the issue is that the plugin does not prevent visitors from using malicious Names in chat, which are reflected unsanitized...
CVE-2024-2470
CVE-2024-2470 affects the WordPress plugin Simple Ajax Chat, with the issue occurring in versions prior to 20240412. The vulnerability stems from insufficient sanitisation/escaping of certain plugin settings, enabling Stored XSS by high-privilege users (e.g., administrators), even when unfiltered...