CVE-2019-6780
Wise Chat <= 2.6.3 - Reverse Tabnabbing
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer.
El plugin Wise Chat para WordPress, en versiones anteriores a la 2.7, gestiona de manera incorrecta los enlaces externos porque rendering/filters/post/WiseChatLinksPostFilter.php omite noopener y noreferrer.
The Wise Chat plugin for WordPress is vulnerable to Reverse Tabnabbing in versions up to, and including, 2.6.3. This is due to mishandling of external links due to omitting noopener and noreferrer. This makes it possible for a chat-using attacker to provide a link that opens a new tab while silently redirecting the original - this can be used to redirect them to a phishing site on the original tab.
WordPress Wisechat plugin version 2.6.3 suffers from a forced tab redirection flow that can aid in phishing attacks.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-24 CVE Reserved
- 2019-01-24 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://wordpress.org/plugins/wise-chat/#developers | Release Notes |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/46247 | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| https://plugins.trac.wordpress.org/changeset/2016929/wise-chat/trunk/src/rendering/filters/post/WiseChatLinksPostFilter.php | 2019-01-28 |
| URL | Date | SRC |
|---|