External Link Vulnerability in Wise Chat Plugin for WordPress
CVE-2019-6780

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Wise Chat
Vendor
CVE Published:
24 January 2019

Summary

The Wise Chat plugin for WordPress exhibits a vulnerability due to improper handling of external links. Specifically, the omission of 'noopener' and 'noreferrer' attributes in the rendering of external links can lead to security risks such as phishing attacks and performance issues. This flaw exists in versions prior to 2.7, making it essential for users to update to the latest version to mitigate the potential threat.

References

https://plugins.trac.wordpress.org/changeset/2016929/wise...
x_refsource_MISC
https://wordpress.org/plugins/wise-chat/#developers
x_refsource_MISC
https://www.exploit-db.com/exploits/46247/
exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.