Vulnerabilities and security researches forsimple-ajax-chat simple-ajax-chat

Jun 07, 2024

CVE, Research URL: CVE-2024-2470
Home page URL: Security reports for Simple Ajax Chat – Add a Fast, Secure Chat Box
Application: Simple Ajax Chat – Add a Fast, Secure Chat Box
Date: Jun 04, 2024
Research Description: The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions: max 20240412.
Status: vulnerable

CVE, Research URL: CVE-2022-25610
Home page URL: Security reports for Simple Ajax Chat – Add a Fast, Secure Chat Box
Application: Simple Ajax Chat – Add a Fast, Secure Chat Box
Date: Mar 26, 2022
Research Description: Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit.
Affected versions: max 20220216.
Status: vulnerable

CVE, Research URL: CVE-2024-1983
Home page URL: Security reports for Simple Ajax Chat – Add a Fast, Secure Chat Box
Application: Simple Ajax Chat – Add a Fast, Secure Chat Box
Date: Mar 20, 2024
Research Description: The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users.
Affected versions: max 20240223.
Status: vulnerable

CVE, Research URL: CVE-2024-2956
Home page URL: Security reports for Simple Ajax Chat – Add a Fast, Secure Chat Box
Application: Simple Ajax Chat – Add a Fast, Secure Chat Box
Date: Mar 27, 2024
Research Description: The Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 20231101 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: max 20240216.
Status: vulnerable

CVE, Research URL: CVE-2022-27849
Home page URL: Security reports for Simple Ajax Chat – Add a Fast, Secure Chat Box
Application: Simple Ajax Chat – Add a Fast, Secure Chat Box
Date: Apr 15, 2022
Research Description: Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115
Affected versions: max 20220216.
Status: vulnerable

CVE, Research URL: CVE-2022-27850
Home page URL: Security reports for Simple Ajax Chat – Add a Fast, Secure Chat Box
Application: Simple Ajax Chat – Add a Fast, Secure Chat Box
Date: Apr 15, 2022
Research Description: Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message.
Affected versions: max 20220216.
Status: vulnerable

CVE, Research URL: -
Home page URL: Security reports for Simple Ajax Chat – Add a Fast, Secure Chat Box
Application: Simple Ajax Chat – Add a Fast, Secure Chat Box
Date: Apr 10, 2024
Research Description: Rejected reason: **DUPLICATE*** Please use CVE-2024-1983 instead.
Affected versions: max 20240223.
Status: vulnerable

Apr 16, 2026

CVE, Research URL: CVE-2026-3075
Home page URL: Security reports for Simple Ajax Chat – Add a Fast, Secure Chat Box
Application: Simple Ajax Chat – Add a Fast, Secure Chat Box
Date: Feb 24, 2026
Research Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Jeff Starr Simple Ajax Chat simple-ajax-chat allows Retrieve Embedded Sensitive Data.This issue affects Simple Ajax Chat: from n/a through <= 20251121.
Affected versions: max 20260217.
Status: vulnerable

CVE, Research URL: CVE-2026-2987
Home page URL: Security reports for Simple Ajax Chat – Add a Fast, Secure Chat Box
Application: Simple Ajax Chat – Add a Fast, Secure Chat Box
Date: Mar 12, 2026
Research Description: The Simple Ajax Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'c' parameter in versions up to, and including, 20260217 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 20260301.
Status: vulnerable