Unsanitized Chat Names Vulnerability Affects Simple Ajax Chat WordPress Plugin
CVE-2024-1983
Key Information:
- Vendor: WordPress
- Status
- Vendor
- CVE Published: 20 March 2024
Summary
The Simple Ajax Chat plugin for WordPress, prior to version 20240223, does not sanitize the name a user submits in the chat feature, so malicious users can submit harmful names. When these unsanitized names are displayed to other users in the chat, those users are exposed to cross-site scripting (XSS) attacks. This can lead to unauthorized actions being performed through the browsers of the exposed users, compromising the security and integrity of user interactions in the chat.
Affected Version(s)
Simple Ajax Chat 0 < 20240223
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved