More information about this CVE will likely be available in a few days

Description

The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Related CPE's

Could not find any relations

References

https://wpscan.com/vulnerability/8514b8ce-ff23-4aba-b2f1-fd36beb7d2ff/

Weaknesses

Could not find any weaknesses

CVSS impact metrics

Could not find any metrics

Information

Source identifier

[email protected]

Vulnerability status

Awaiting analysis

Published

2024-06-04T06:15:09.937

1 month ago

Last modified

2024-06-04T16:57:41.053

1 month ago