CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29789 – WordPress OneClick Chat to Order plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29789
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Walter Pinem OneClick Chat to Order allows Stored XSS.This issue affects OneClick Chat to Order: from n/a through 1.0.5. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en Walter Pinem OneClick Chat to Order permite XSS almacenado. Este problema afecta a OneClick Chat to Order: desde n/a hasta 1.0.5. The OneClick Chat to Order plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/oneclick-whatsapp-order/wordpress-oneclick-chat-to-order-plugin-1-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51370 – WordPress WP Chat App Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-51370
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NinjaTeam WP Chat App allows Stored XSS.This issue affects WP Chat App: from n/a through 3.4.4. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en NinjaTeam WP Chat App permite almacenar XSS. Este problema afecta a la aplicación WP Chat: desde n/a hasta 3.4.4. The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/wp-whatsapp/wordpress-wp-chat-app-plugin-3-4-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38538
https://notcve.org/view.php?id=CVE-2023-38538
A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability. Una condición de ejecución en un subsistema de eventos provocó un problema de use-after-free en llamadas de audio/video establecidas que podría haber resultado en la terminación de la aplicación o en un flujo de control inesperado con muy baja probabilidad. • https://www.whatsapp.com/security/advisories/2023 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38537
https://notcve.org/view.php?id=CVE-2023-38537
A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability. Una condición de ejecución en un subsistema de transporte de red provocó un problema de use-after-free en llamadas de audio/video entrantes establecidas o no silenciadas que podrían haber resultado en la terminación de la aplicación o en un flujo de control inesperado con muy baja probabilidad. • https://www.whatsapp.com/security/advisories/2023 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-27492
https://notcve.org/view.php?id=CVE-2022-27492
An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file. Un desbordamiento de enteros en WhatsApp podría haber causado una ejecución de código remota cuando es recibido un archivo de vídeo diseñado. • https://www.whatsapp.com/security/advisories/2022 • CWE-191: Integer Underflow (Wrap or Wraparound) •