CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32504 – WordPress Wise Chat Plugin <= 3.1.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-32504
09 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Kainex Wise Chat.This issue affects Wise Chat: from n/a through 3.1.3. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Kainex Wise Chat. Este problema afecta a Wise Chat: desde n/a hasta 3.1.3. The Wise Chat plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.3. This is due to missing nonce validation on several functions such as resetAnonymousCounterAction, resetSettingsAction, deleteAllUsersAndMess... • https://patchstack.com/database/vulnerability/wise-chat/wordpress-wise-chat-plugin-3-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-6780 – Wise Chat <= 2.6.3 - Reverse Tabnabbing
https://notcve.org/view.php?id=CVE-2019-6780
24 Jan 2019 — The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer. El plugin Wise Chat para WordPress, en versiones anteriores a la 2.7, gestiona de manera incorrecta los enlaces externos porque rendering/filters/post/WiseChatLinksPostFilter.php omite noopener y noreferrer. The Wise Chat plugin for WordPress is vulnerable to Reverse Tabnabbing in versions up to, and including, 2.6.3. This is due to mishandling of ... • https://www.exploit-db.com/exploits/46247 • CWE-20: Improper Input Validation CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •