CVE-2021-25016

Summary

The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting

Affected Software

VendorProductVersion RangeStatus
UnknownFloating Chat Widget: Contact Icons, Messages, Telegram, Email, SMS, Call Button – Chaty2.8.3 < 2.8.3affected
UnknownFloating Chat Widget Pro - Chaty Pro2.8.2 < 2.8.2affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References