2 matches found
CVE-2022-27849
The CVE-2022-27849 entry concerns WordPress Simple Ajax Chat plugin versions before 20220216, where unauthenticated users can access the sac-export.csv data due to improper access restrictions, leading to sensitive information disclosure. The connected Nuclei template confirms the basic vector (d...
CVE-2022-27850
CVE-2022-27850 : WordPress plugin Simple Ajax Chat contains a Cross-Site Request Forgery (CSRF) flaw up to version 20220115 that lets an attacker clear chat logs or delete messages. Public records note the vulnerable component is the plugin’s chat-management actions and that updating to at least ...