Cross-Site Scripting (XSS) Vulnerability in WP Chat App Plugin
CVE-2024-2837

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP Chat App
Vendor: CVE Published:; 26 April 2024

Summary

The WP Chat App WordPress plugin before 3.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

References

https://wpscan.com/vulnerability/91058c48-f262-4fcc-9390-...

Timeline

Vulnerability published
Apr 26, 2024