Vulnerabilities and security research for lw-all-in-one
Jun 07, 2024
LocalWeb All In One # 116526588980e206d0dd7a83f2b37ae6f2a43810
- CVE, Research URL
- Home page URL
- Application
- Date: Oct 20, 2020
- Research Description: LocalWeb All In One [lw-all-in-one] < 1.6.5. WordPress LocalWeb All In One plugin <= 1.6.4 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by m0ze (Ex.Mi) in WordPress LocalWeb All In One plugin (versions <= 1.6.4).
- Affected versions: max 1.6.5.
- Status: vulnerable
Jun 16, 2026
LocalWeb All In One # 2e318f1f7c17f31318df511c6c796657071482ba
- CVE, Research URL
- Home page URL
- Application
- Date: Oct 12, 2020
- Research Description: LocalWeb All In One [lw-all-in-one] < 1.6.5. Web Instant Messenger <= 1.1.2 and LocalWeb In One <= 1.6.4 - Stored Cross-Site Scripting. The Web Instant Messenger and LocalWeb In One plugins for WordPress are vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.4 (NOTE: Web Instant Messenger's latest version 1.1.2 is unpatched) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions: max 1.6.5.
- Status: vulnerable
LocalWeb All In One # c8069655-fc7b-4b97-b871-45705260fb1b
- CVE, Research URL
- Home page URL
- Application
- Date: -
- Research Description: LocalWeb All In One [lw-all-in-one] < 1.6.5. LocalWeb All In One plugin < 1.6.5 - Unauthenticated Stored Cross-Site Scripting (XSS). An Unauthenticated Stored XSS vulnerability was discovered in the LocalWeb All In One plugin v1.6.3 for WordPress. There is an older version of this plugin called Web Instant Messenger; its latest version is v1.1.1. A particularity of this plugin is that it interacts with the remote host www.localweb.it, so the payload will be executed on it.
- Affected versions: max 1.6.5.
- Status: vulnerable