Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-2470 | 1 Plugin-planet | 1 Simple Ajax Chat | 2025-05-21 | N/A | N/A |
| The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-1983 | 1 Plugin-planet | 1 Simple Ajax Chat | 2025-05-05 | N/A | N/A |
| The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users. | |||||
| CVE-2022-25610 | 1 Plugin-planet | 1 Simple Ajax Chat | 2022-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit. | |||||
| CVE-2022-27850 | 1 Plugin-planet | 1 Simple Ajax Chat | 2022-04-22 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message. | |||||
| CVE-2022-27849 | 1 Plugin-planet | 1 Simple Ajax Chat | 2022-04-21 | 5.0 MEDIUM | 7.5 HIGH |
| Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115 | |||||