3 vulnerabilities found for wp_social_chat by quadlayers
FKIE_CVE-2022-2361
Vulnerability from fkie_nvd - Published: 2022-08-22 15:15 - Updated: 2024-11-21 07:00
Severity: 4.8 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, NVD primary score)
Summary
The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks.
References
| Source | URL | Tags |
|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/aa69377d-ba9e-4a2f-921c-be2ab5edcb4e | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/aa69377d-ba9e-4a2f-921c-be2ab5edcb4e | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| quadlayers | wp_social_chat | * (versionEndExcluding 6.0.5, i.e. all versions before 6.0.5) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quadlayers:wp_social_chat:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "FF33CD35-9A71-4EF4-8BCD-7FAB2A9265A5",
"versionEndExcluding": "6.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks."
},
{
"lang": "es",
"value": "El plugin WP Social Chat de WordPress versiones anteriores a 6.0.5, no sanea y escapa de algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con altos privilegios, como el administrador, llevar a cabo ataques de tipo Cross-Site Scripting Almacenado."
}
],
"id": "CVE-2022-2361",
"lastModified": "2024-11-21T07:00:50.263",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-22T15:15:14.560",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/aa69377d-ba9e-4a2f-921c-be2ab5edcb4e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/aa69377d-ba9e-4a2f-921c-be2ab5edcb4e"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "contact@wpscan.com",
"type": "Secondary"
}
]
}
CVE-2022-2361 (GCVE-0-2022-2361)
Vulnerability from cvelistv5 – Published: 2022-08-22 15:01 – Updated: 2024-08-03 00:32
Title
Social Chat < 6.0.5 - Admin+ Stored Cross-Site Scripting
Summary
The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks.
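Severity
No CVSS data available in this record; the NVD entry for the same CVE scores it 4.8 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).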
CWE
- CWE-79 - Cross-Site Scripting (XSS)
Assigner
WPScan
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/aa69377d-ba9e-4a2f-921c-be2ab5edcb4e | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | WP Social Chat – Click To Chat App | Affected: 6.0.5 , < 6.0.5 (custom), i.e. all versions before 6.0.5 |
Credits
Raad Haddad
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/aa69377d-ba9e-4a2f-921c-be2ab5edcb4e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Social Chat \u2013 Click To Chat App",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.0.5",
"status": "affected",
"version": "6.0.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-22T15:01:30",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/aa69377d-ba9e-4a2f-921c-be2ab5edcb4e"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Social Chat \u003c 6.0.5 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2361",
"STATE": "PUBLIC",
"TITLE": "Social Chat \u003c 6.0.5 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Social Chat \u2013 Click To Chat App",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.0.5",
"version_value": "6.0.5"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/aa69377d-ba9e-4a2f-921c-be2ab5edcb4e",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/aa69377d-ba9e-4a2f-921c-be2ab5edcb4e"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2361",
"datePublished": "2022-08-22T15:01:30",
"dateReserved": "2022-07-09T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2361 (GCVE-0-2022-2361)
Vulnerability from nvd – Published: 2022-08-22 15:01 – Updated: 2024-08-03 00:32
Title
Social Chat < 6.0.5 - Admin+ Stored Cross-Site Scripting
Summary
The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks.
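Severity
No CVSS data available in this record; the NVD entry for the same CVE scores it 4.8 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).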
CWE
- CWE-79 - Cross-Site Scripting (XSS)
Assigner
WPScan
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/aa69377d-ba9e-4a2f-921c-be2ab5edcb4e | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | WP Social Chat – Click To Chat App | Affected: 6.0.5 , < 6.0.5 (custom), i.e. all versions before 6.0.5 |
Credits
Raad Haddad
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/aa69377d-ba9e-4a2f-921c-be2ab5edcb4e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Social Chat \u2013 Click To Chat App",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.0.5",
"status": "affected",
"version": "6.0.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-22T15:01:30",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/aa69377d-ba9e-4a2f-921c-be2ab5edcb4e"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Social Chat \u003c 6.0.5 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2361",
"STATE": "PUBLIC",
"TITLE": "Social Chat \u003c 6.0.5 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Social Chat \u2013 Click To Chat App",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.0.5",
"version_value": "6.0.5"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/aa69377d-ba9e-4a2f-921c-be2ab5edcb4e",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/aa69377d-ba9e-4a2f-921c-be2ab5edcb4e"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2361",
"datePublished": "2022-08-22T15:01:30",
"dateReserved": "2022-07-09T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}