Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Sticky Chat Widget: WhatsApp, Messenger, Click to chat, SMS, Email, Messages, Call Button, Contact form and more Chat buttons 1.1.8

  • Severity: medium-risk
  • Status: Fixed
  • Publication: December 26, 2023

The Sticky Chat Widget is a plugin used with WordPress websites, which allows users to add WhatsApp, Messenger, Click to chat, SMS, Email, Messages, Call Button, Contact form and more Chat buttons to their website. Unfortunately, all versions up to and including 1.1.8 of this plugin are vulnerable to a type of attack called Stored Cross-Site Scripting. This attack can occur if an attacker with administrator-level permissions has access to an infected website. This attack allows them to inject malicious web scripts into pages, which can be executed when a user accesses an infected page. This only applies to multi-site installations and installations where a feature called ‘unfiltered_html’ has been disabled.

Detected in:

Sticky Chat Widget – Floating Chat Icons, Contact Form, Call, Click to Chat, Email & Message Buttons fixed vulnerable versions:
Sticky Chat Widget: Chat Icons, Contact form, Email, SMS, Call Button, Click to Chat, Social Chat Widget, Sticky Chat Buttons fixed vulnerable versions:
Sticky Chat Widget: WhatsApp, Messenger, Click to chat, SMS, Email, Messages, Call Button, Contact form and more Chat buttons fixed vulnerable versions: >= * <= 1.1.8
Sticky Chat Widget: WhatsApp, Messenger, Contact Chat Icons, Contact form, Telegram, WeChat, Email, SMS, Call Button fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.