VYPR

Simple Ajax Chat

by WordPress

Source repositories

CVEs (6)

  • CVE-2024-1983HigMar 20, 2024
    risk 0.46cvss 7.1epss 0.00

    The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users.

  • CVE-2022-27850MedApr 15, 2022
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message.

  • CVE-2022-27849MedApr 15, 2022
    risk 0.35cvss 5.3epss 0.05

    Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115

  • CVE-2026-2987MedMar 12, 2026
    risk 0.33cvss 6.1epss 0.00

    The Simple Ajax Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'c' parameter in versions up to, and including, 20260217 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject…

  • CVE-2024-2956MedMar 27, 2024
    risk 0.29cvss 4.4epss 0.00

    The Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 20231101 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2022-25610LowMar 25, 2022
    risk 0.22cvss 3.4epss 0.01

    Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit.