Stored Cross-Site Scripting Vulnerability in MxChat Plugin for WordPress
CVE-2026-13005

4.4MEDIUM

What is CVE-2026-13005?

The MxChat plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping within its admin settings. This vulnerability allows authenticated users with administrator-level permissions to inject malicious scripts. The impact is exacerbated in multi-site installations or when the unfiltered_html option is disabled, leading to potential execution of harmful scripts whenever a user accesses affected pages.

Affected Version(s)

MxChat – AI Chatbot & Content Generation for WordPress 0 <= 3.2.10

References

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

PRISM
.