Lucene search
HistoryMar 20, 2024 - 5:15 a.m.
CVE-2024-1983
cve-2024-1983
wordpress
plugin
names
reflected
unsanitized
visitors
chat
CVSS3
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
AI Score
6.3
Confidence
High
EPSS
0
Percentile
9.0%
The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users.
Related
cve
cve
CVE-2024-1983
2024-03-20 05:15:45
CVE-2024-2957
2024-04-09 19:15:38
wpexploit
wpexploit
Simple Ajax Chat < 20240223 - Unauthenticated Stored XSS
2024-02-28 00:00:00
cvelist
cvelist
CVE-2024-1983 Simple Ajax Chat < 20240223 - Unauthenticated Stored XSS
2024-03-20 05:00:02
wpvulndb
wpvulndb
Simple Ajax Chat < 20240223 - Unauthenticated Stored XSS
2024-02-28 00:00:00
vulnrichment
vulnrichment
CVE-2024-1983 Simple Ajax Chat < 20240223 - Unauthenticated Stored XSS
2024-03-20 05:00:02
nvd
nvd
CVE-2024-2957
2024-04-09 19:15:38
wordfence
wordfence
CVSS3
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
AI Score
6.3
Confidence
High
EPSS
0
Percentile
9.0%
Related for NVD:CVE-2024-1983