Vulnerabilities and Security Research

Vulnerabilities and security research for collectchat

Jun 07, 2024

Collect.chat – Chatbot ⚡️ # CVE-2024-30436

CVE, Research URL

CVE-2024-30436

Date
Mar 29, 2024
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Collect.Chat Inc. Collectchat allows Stored XSS. This issue affects Collectchat: from n/a through 2.4.1.
Affected versions
max 2.4.2.
Status
vulnerable

Collect.chat – Chatbot ⚡️ # CVE-2023-5691

CVE, Research URL

CVE-2023-5691

Date
Jan 11, 2024
Research Description
The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
max 2.4.0.
Status
vulnerable

Aug 07, 2024

Collect.chat – Chatbot ⚡️ # CVE-2024-6498

CVE, Research URL

CVE-2024-6498

Date
Aug 05, 2024
Research Description
The Chatbot for WordPress by Collect.chat ⚡️ WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
Affected versions
max 2.4.4.
Status
vulnerable

Apr 15, 2026

Collect.chat – Chatbot ⚡️ # CVE-2026-0736

CVE, Research URL

CVE-2026-0736

Date
Feb 14, 2026
Research Description
The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_inpost_head_script[synth_header_script]' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 2.4.9.
Status
vulnerable