Lucene search
WpvulndbWPVDB-ID:2A4DDDAC-634F-49D2-9042-79CF5A7945DAHistoryAug 09, 2023 - 12:00 a.m.
Chat Button < 1.8.10 - Admin+ Stored XSS
2023-08-0900:00:00
wpscan.com
2
chat button
xss attacks
stored xss
plugin settings
high privilege users
unfiltered_html capability
multisite setup
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
| CPE | Name | Operator | Version |
|---|---|---|---|
| whatshelp-chat-button | eq | 1.8.10 |
Related
cve
cve
CVE-2023-32292
2023-08-08 13:15:10
cvelist
cvelist
nvd
nvd
CVE-2023-32292
2023-08-08 13:15:10
prion
prion
Cross site scripting
2023-08-08 13:15:00
wordfence
wordfence
5.4 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.2%
Related for WPVDB-ID:2A4DDDAC-634F-49D2-9042-79CF5A7945DA