Reflected Cross-Site Scripting in Chaty WordPress Plugin

Reflected Cross-Site Scripting in Chaty WordPress Plugin

CVE-2021-25016 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting

Learn more about our Wordpress Pen Testing.