Stored Cross-Site Scripting Vulnerability in Chatra Live Chat Plugin for WordPress
CVE-2026-12041
4.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 8 July 2026
What is CVE-2026-12041?
The Chatra Live Chat + ChatBot + Cart Saver plugin for WordPress is susceptible to a stored cross-site scripting vulnerability through its admin settings. This issue arises due to inadequate input sanitization and output escaping, allowing authenticated users with administrative privileges to embed malicious web scripts within pages. As a result, these scripts are executed every time a user visits any compromised page. This vulnerability particularly impacts multi-site installations where the option 'unfiltered_html' is disabled.
Affected Version(s)
Chatra Live Chat + ChatBot + Cart Saver 0 <= 1.0.12