JivoChat < 1.3.5.4 - Stored Cross-Site Scripting via CSRF
CVE-2022-0642

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Jivochat Live Chat – WP Live Chat Plugin For WordPress
Vendor: CVE Published:; 30 May 2022

What is CVE-2022-0642?

The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugins admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged in administrator to inject arbitrary javascript.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

JivoChat Live Chat – WP live chat plugin for WordPress 1.3.5.4

References

https://wpscan.com/vulnerability/099cf9b4-0b3a-43c6-8ca9-...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 30, 2022
Vulnerability Reserved
Feb 16, 2022

Credit

muhamad hidayat

JSON

Wordpress