CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48769 – WordPress Chat Bubble Plugin <= 2.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-48769
28 Nov 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Blue Coral Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back.This issue affects Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back: from n/a through 2.3. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Blue Coral Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back. Este problema afecta a Blue Coral Chat Bubble –... • https://patchstack.com/database/vulnerability/chat-bubble/wordpress-chat-bubble-plugin-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3415 – Chat Bubble < 2.3 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-3415
18 Oct 2022 — The Chat Bubble WordPress plugin before 2.3 does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin view the related contact message El complemento Chat Bubble de WordPress anterior a 2.3 no sanitiza y escapa a algunos parámetros de contacto, lo que podría permitir a atacantes no autenticados configurar Cross-Site Scripting payloads almacenados en ellos, que se activarán cuando un ... • https://wpscan.com/vulnerability/012c5b64-ef76-4539-afd8-40f6c329ae88 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •