Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty 3.1.8

  • Severity: medium-risk
  • Status: Fixed
  • Publication: April 3, 2024

The Floating Chat Widget, a plugin for WordPress, has a security vulnerability that allows hackers to inject their own code into web pages. This can happen when a user with editor access or higher uses the Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, or Call Button features. The vulnerability is present in all versions up to 3.1.8 and is caused by a lack of proper input filtering and output protection.

Detected in:

Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty fixed vulnerable versions: >= * <= 3.1.8
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp – Chaty fixed vulnerable versions:
Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.