3 matches found
CVE-2025-1450
CVE-2025-1450 affects the Floating Chat Widget: Chaty plugin for WordPress. It is a Stored XSS via the data-hover parameter in all versions up to 3.3.5. An authenticated attacker with Contributor-level access or higher can inject scripts that execute when users view the injected page. Connected s...
CVE-2024-2972
CVE-2024-2972 affects the WordPress plugin Floating Chat Widget (Chaty) before version 3.1.9. The issue is stored XSS caused by inadequate sanitization/escaping of plugin settings, enabling high-privilege users (e.g., admins) to inject script even when unfiltered_html is disallowed (including mul...
CVE-2024-4149
CVE-2024-4149 affects the Floating Chat Widget (Chaty) WordPress plugin prior to 3.2.3. The vulnerability stems from unsanitized/uncleaned settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Affected version range: before 3.2.3. The impact...