CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52489 – WordPress Add Chat App Button plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-52489
20 Nov 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Udi Dollberg Add Chat App Button allows Stored XSS.This issue affects Add Chat App Button: from n/a through 2.1.5. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en Udi Dollberg Add Chat App Button permite XSS almacenado. Este problema afecta a Add Chat App Button: desde n/a hasta 2.1.5. The Add Chat App Button plugin for WordPress ... • https://patchstack.com/database/wordpress/plugin/add-whatsapp-button/vulnerability/wordpress-add-chat-app-button-plugin-2-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29789 – WordPress OneClick Chat to Order plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29789
25 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Walter Pinem OneClick Chat to Order allows Stored XSS.This issue affects OneClick Chat to Order: from n/a through 1.0.5. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en Walter Pinem OneClick Chat to Order permite XSS almacenado. Este problema afecta a OneClick Chat to Order: desde n/a hasta 1.0.5. The OneClick Chat to Order plugin... • https://patchstack.com/database/vulnerability/oneclick-whatsapp-order/wordpress-oneclick-chat-to-order-plugin-1-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51370 – WordPress WP Chat App Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-51370
26 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NinjaTeam WP Chat App allows Stored XSS.This issue affects WP Chat App: from n/a through 3.4.4. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en NinjaTeam WP Chat App permite almacenar XSS. Este problema afecta a la aplicación WP Chat: desde n/a hasta 3.4.4. The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Sc... • https://patchstack.com/database/vulnerability/wp-whatsapp/wordpress-wp-chat-app-plugin-3-4-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38538
https://notcve.org/view.php?id=CVE-2023-38538
04 Oct 2023 — A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability. Una condición de ejecución en un subsistema de eventos provocó un problema de use-after-free en llamadas de audio/video establecidas que podría haber resultado en la terminación de la aplicación o en un flujo de control inesperado con muy baja probabilidad. • https://www.whatsapp.com/security/advisories/2023 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38537
https://notcve.org/view.php?id=CVE-2023-38537
04 Oct 2023 — A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability. Una condición de ejecución en un subsistema de transporte de red provocó un problema de use-after-free en llamadas de audio/video entrantes establecidas o no silenciadas que podrían haber resultado en la terminación de la aplicación o en un flujo de control inesperado con ... • https://www.whatsapp.com/security/advisories/2023 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2022-27492
https://notcve.org/view.php?id=CVE-2022-27492
23 Sep 2022 — An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file. Un desbordamiento de enteros en WhatsApp podría haber causado una ejecución de código remota cuando es recibido un archivo de vídeo diseñado. • https://www.whatsapp.com/security/advisories/2022 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 10.0EPSS: 7%CPEs: 4EXPL: 0CVE-2022-36934
https://notcve.org/view.php?id=CVE-2022-36934
22 Sep 2022 — An integer overflow in WhatsApp could result in remote code execution in an established video call. Un desbordamiento de enteros en WhatsApp podría dar resultar en una ejecución de código remota en una videollamada establecida • https://www.whatsapp.com/security/advisories/2022 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 3CVE-2020-20096 – RTLO Injection URI Spoofing
https://notcve.org/view.php?id=CVE-2020-20096
23 Mar 2022 — Whatsapp iOS 2.19.80 and prior and Android 2.19.222 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. Whatsapp iOS 2.19.80 y anteriores y Android 2.19.222 y versiones anteriores de interfaz de usuario, no representa apropiadamente los mensajes URI al usuario, lo que resulta en una suplantación de URI por medio de mensajes especialmente diseñados RTLO injection URI spoofing generator for WhatsApp, iMessage, Instagram, ... • https://packetstorm.news/files/id/166448 •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-24043
https://notcve.org/view.php?id=CVE-2021-24043
02 Feb 2022 — A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call. Una comprobación de límites ausente en el código de análisis de banderas RTCP anterior a WhatsApp para Android versión v2.21.23.2, WhatsApp Business para Android versió... • https://www.whatsapp.com/security/advisories/2021 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-24042
https://notcve.org/view.php?id=CVE-2021-24042
04 Jan 2022 — The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor. La lógica de llamada de WhatsApp para Android versiones anteriores a 2.21.23, WhatsApp Business para Android versiones anteriores a 2.21.23, WhatsApp para i... • https://www.whatsapp.com/security/advisories/2021 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •