CVE-2024-2837 – WP Chat App < 3.6.4 - Admin+ Stored XSS

https://notcve.org/view.php?id=CVE-2024-2837

05 Apr 2024 — The WP Chat App WordPress plugin before 3.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed El complemento WP Chat App de WordPress anterior a 3.6.4 no sanitiza ni escapa a algunas de sus configuraciones, lo que podría permitir a usuarios con altos privilegios, como administradores, realizar ataques de Cross-Site Scripting incluso cuando unfiltered_html no está permitido... • https://wpscan.com/vulnerability/91058c48-f262-4fcc-9390-472d59d61115 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •