Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:09383587-8251-4955-A48A-70AE0BDC228E
HistoryDec 16, 2021 - 12:00 a.m.

Crisp Live Chat < 0.32 - CSRF to Stored Cross-Site Scripting

2021-12-1600:00:00
wpscan.com
20
crisp live chat
cross-site request forgery
stored cross-site scripting
plugin vulnerability
nonce validation
web scripts
version 0.31

EPSS

0.001

Percentile

41.8%

JSON

The plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisp_plugin_settings_page function found in the ~/crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 0.31.

Related

cvelist 1
prion 1
patchstack 1
nvd 1
cve 1
cnvd 1
cvelist
cvelist
CVE-2021-43353 Crisp Live Chat <= 0.31 Cross-Site Request Forgery to Stored Cross-Site Scripting
2022-01-18 16:52:24
prion
prion
Cross site request forgery (csrf)
2022-01-18 17:15:00
patchstack
patchstack
WordPress Crisp Live Chat plugin <= 0.31 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
2021-12-16 00:00:00
nvd
nvd
CVE-2021-43353
2022-01-18 17:15:09
cve
cve
CVE-2021-43353
2022-01-18 17:15:09
cnvd
cnvd
WordPress Crisp Live Chat plugin cross-site scripting vulnerability
2022-01-21 00:00:00

EPSS

0.001

Percentile

41.8%

JSON
Related for WPVDB-ID:09383587-8251-4955-A48A-70AE0BDC228E
cvelist1prion1patchstack1nvd1cve1cnvd1