Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Simple_ajax_chat
(Plugin\-Planet)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 5 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-06-04 | CVE-2024-2470 | The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | Simple_ajax_chat | N/A | ||
| 2024-03-20 | CVE-2024-1983 | The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users. | Simple_ajax_chat | N/A | ||
| 2022-03-25 | CVE-2022-25610 | Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit. | Simple_ajax_chat | 6.1 | ||
| 2022-04-15 | CVE-2022-27849 | Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115 | Simple_ajax_chat | 7.5 | ||
| 2022-04-15 | CVE-2022-27850 | Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message. | Simple_ajax_chat | 4.3 |