Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty 3.0.9

  • Severity: medium-risk
  • Status: Fixed
  • Publication: May 16, 2023

The Chaty plugin for WordPress is vulnerable to an attack where malicious script code can be stored and used to harm users when they visit a page. This only affects WordPress installations which are running multi-site or where a certain security feature has been disabled. Versions of Chaty up to and including 3.0.9 are affected due to inadequate security measures. Administrators with the highest level of permissions are the only ones who can exploit this vulnerability.

Detected in:

Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty fixed vulnerable versions: >= * <= 3.0.9
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp – Chaty fixed vulnerable versions:
Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.