cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forrumbletalk-chat-a-chat-with-themes rumbletalk-chat-a-chat-with-themes

Direction: ascending
Jun 07, 2024

RumbleTalk Live Group Chat – HTML5 # 926d1229c47934b08e71c0bbf27c2df406a983a3

CVE, Research URL

926d1229c47934b08e71c0bbf27c2df406a983a3

Home page URL

Security reports for RumbleTalk Live Group Chat – HTML5

Application

RumbleTalk Live Group Chat – HTML5

Date
Oct 13, 2023
Research Description
RumbleTalk Live Group Chat &#8211; HTML5 [rumbletalk-chat-a-chat-with-themes] < 6.2.0 WordPress RumbleTalk Live Group Chat Plugin <= 6.1.9 is vulnerable to Broken Access Control No patched version is available. Mika discovered and reported this Broken Access Control vulnerability in WordPress RumbleTalk Live Group Chat Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action. This vulnerability has not been known to be fixed yet.
Affected versions
Min -, max -.
Status
vulnerable
Jun 10, 2024

RumbleTalk Live Group Chat &#8211; HTML5 # CVE-2023-45828

CVE, Research URL

CVE-2023-45828

Home page URL

Security reports for RumbleTalk Live Group Chat &#8211; HTML5

Application

RumbleTalk Live Group Chat &#8211; HTML5

Date
Jan 02, 2025
Research Description
Missing Authorization vulnerability in RumbleTalk Ltd RumbleTalk Live Group Chat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RumbleTalk Live Group Chat: from n/a through 6.2.5.
Affected versions
Min -, max -.
Status
vulnerable
Oct 01, 2024

RumbleTalk Live Group Chat &#8211; HTML5 # CVE-2024-8720

CVE, Research URL

CVE-2024-8720

Home page URL

Security reports for RumbleTalk Live Group Chat &#8211; HTML5

Application

RumbleTalk Live Group Chat &#8211; HTML5

Date
Oct 01, 2024
Research Description
The RumbleTalk Live Group Chat – HTML5 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rumbletalk-admin-button' shortcode in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable
Sep 05, 2025

RumbleTalk Live Group Chat &#8211; HTML5 # CVE-2025-58626

CVE, Research URL

CVE-2025-58626

Home page URL

Security reports for RumbleTalk Live Group Chat &#8211; HTML5

Application

RumbleTalk Live Group Chat &#8211; HTML5

Date
Sep 03, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RumbleTalk RumbleTalk Live Group Chat allows Stored XSS. This issue affects RumbleTalk Live Group Chat: from n/a through 6.3.5.
Affected versions
Min -, max -.
Status
vulnerable