VYPR

Wp Live Chat Shoutbox

by WordPress

CVEs (2)

  • CVE-2023-1020CriApr 24, 2023
    risk 0.64cvss 9.8epss 0.05

    The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

  • CVE-2023-0899MedApr 24, 2023
    risk 0.40cvss 6.1epss 0.00

    The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before outputting it back in the Shoutbox, leading to Stored Cross-Site Scripting which could be used against high privilege users such as admins.