CVE-2024-10533
- EPSS 0.11%
- Published 16.11.2024 04:15:04
- Last modified 18.11.2024 17:11:17
The WP Chat App plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the ajax_install_plugin() function in all versions up to, and including, 3.6.8. This makes it possible for authenticated attac...
CVE-2024-4664
- EPSS 0.08%
- Published 27.06.2024 06:15:13
- Last modified 21.11.2024 09:43:19
The WP Chat App WordPress plugin before 3.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
CVE-2024-2837
- EPSS 0.34%
- Published 26.04.2024 05:15:50
- Last modified 14.04.2025 14:20:24
The WP Chat App WordPress plugin before 3.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2024-2513
- EPSS 0.2%
- Published 09.04.2024 19:15:35
- Last modified 27.02.2025 14:54:18
The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'imageAlt' block attribute in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. T...
CVE-2024-1761
- EPSS 0.17%
- Published 07.03.2024 05:15:54
- Last modified 21.01.2025 16:53:47
The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes such as...
CVE-2023-51370
- EPSS 0.06%
- Published 12.02.2024 07:15:09
- Last modified 21.11.2024 08:37:58
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NinjaTeam WP Chat App allows Stored XSS.This issue affects WP Chat App: from n/a through 3.4.4.