CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0898 – Chat Bubble <= 2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-0898
27 Feb 2024 — The Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects mul... • https://wordpress.org/plugins/chat-bubble • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48769 – WordPress Chat Bubble Plugin <= 2.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-48769
28 Nov 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Blue Coral Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back.This issue affects Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back: from n/a through 2.3. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Blue Coral Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back. Este problema afecta a Blue Coral Chat Bubble –... • https://patchstack.com/database/vulnerability/chat-bubble/wordpress-chat-bubble-plugin-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3415 – Chat Bubble < 2.3 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-3415
18 Oct 2022 — The Chat Bubble WordPress plugin before 2.3 does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin view the related contact message El complemento Chat Bubble de WordPress anterior a 2.3 no sanitiza y escapa a algunos parámetros de contacto, lo que podría permitir a atacantes no autenticados configurar Cross-Site Scripting payloads almacenados en ellos, que se activarán cuando un ... • https://wpscan.com/vulnerability/012c5b64-ef76-4539-afd8-40f6c329ae88 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •