Stored Cross-Site Scripting Vulnerability in MxChat Plugin for WordPress
CVE-2026-13005
4.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 16 July 2026
What is CVE-2026-13005?
The MxChat plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping within its admin settings. This vulnerability allows authenticated users with administrator-level permissions to inject malicious scripts. The impact is exacerbated in multi-site installations or when the unfiltered_html option is disabled, leading to potential execution of harmful scripts whenever a user accesses affected pages.
Affected Version(s)
MxChat β AI Chatbot & Content Generation for WordPress 0 <= 3.2.10