More information about this CVE will likely be available in a few days
Description
The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Related CPE's
Could not find any relations
Weaknesses
Could not find any weaknesses
CVSS impact metrics
Could not find any metrics
Information
Source identifier
Vulnerability status
Awaiting analysis
Published
2024-06-04T06:15:09.937
1 month agoLast modified
2024-06-04T16:57:41.053
1 month ago