Vulnerabilities and security researches foratomchat atomchat

Jun 07, 2024

CVE, Research URL: 55a33e5f00da687c6481e82ea54cdc46badab61a
Home page URL: Security reports for Group Chat & Video Chat by AtomChat
Application: Group Chat & Video Chat by AtomChat
Date: Oct 24, 2023
Research Description: Group Chat & Video Chat by AtomChat [atomchat] < 1.1.5 WordPress AtomChat Plugin <= 1.1.4 is vulnerable to Broken Access Control No patched version is available. Mika discovered and reported this Broken Access Control vulnerability in WordPress AtomChat Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action. This vulnerability has not been known to be fixed yet.
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-46606
Home page URL: Security reports for Group Chat & Video Chat by AtomChat
Application: Group Chat & Video Chat by AtomChat
Date: Jan 02, 2025
Research Description: Missing Authorization vulnerability in AtomChat AtomChat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AtomChat: from n/a through 1.1.4.
Affected versions: Min -, max -.
Status: vulnerable

Nov 02, 2024

CVE, Research URL: CVE-2024-10232
Home page URL: Security reports for Group Chat & Video Chat by AtomChat
Application: Group Chat & Video Chat by AtomChat
Date: Nov 01, 2024
Research Description: The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atomchat shortcode in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Apr 02, 2025

CVE, Research URL: CVE-2025-31532
Home page URL: Security reports for Group Chat & Video Chat by AtomChat
Application: Group Chat & Video Chat by AtomChat
Date: Mar 31, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team AtomChat AtomChat allows Stored XSS. This issue affects AtomChat: from n/a through 1.1.6.
Affected versions: Min -, max -.
Status: vulnerable

May 07, 2025

CVE, Research URL: CVE-2025-31831
Home page URL: Security reports for Group Chat & Video Chat by AtomChat
Application: Group Chat & Video Chat by AtomChat
Date: Apr 01, 2025
Research Description: Missing Authorization vulnerability in Team AtomChat AtomChat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AtomChat: from n/a through 1.1.6.
Affected versions: Min -, max -.
Status: vulnerable