cleantalk
Vulnerabilities and Security Researches

LocalWeb All In One, 2e318f1f7c17f31318df511c6c796657071482ba

CVE, Research URL

2e318f1f7c17f31318df511c6c796657071482ba

Home page URL

Security reports for LocalWeb All In One

Application

LocalWeb All In One

Published on
Oct 12, 2020
Research Description
LocalWeb All In One [lw-all-in-one] < 1.6.5 Web Instant Messenger <= 1.1.2 and LocalWeb In One <= 1.6.4 - Stored Cross-Site Scripting The Web Instant Messenger and LocalWeb In One plugins for WordPress are vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.4 (NOTE: Web Instant Messenger's latest version 1.1.2 is unpatched) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.6.5.
Status
vulnerable
Previous vulnerability researches
BP Group Documents (8baef861c378b15eb8c204ede505bfadd5814db1) , Jun 07, 2024
BP Group Documents (6680bcfa-bc62-472f-8f56-22c84276297d) , Jun 16, 2026
BP Group Documents (5063acc729c4a8181d4837a67fa533b9338c53d7) , Jun 16, 2026
BP Group Documents (98d70764-8d00-4faa-8b52-89a1c27dc69e) , Jun 16, 2026
BP Group Documents (51acb6f4-f861-44b2-bf18-40ce0e63b92f) , Jun 16, 2026
New vulnerability
Fuse Social Floating Sidebar (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
Fuse Social Floating Sidebar (55cfdf9ca59d0ffde4e34ece826e1cecb79222e7) , Jun 16, 2026
XT Points &amp; Rewards for WooCommerce (d0da1208eeccc07b4d448a3ed23ecbc7f2671fca) , Jun 16, 2026
XT Points &amp; Rewards for WooCommerce (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
Xhanch &#8211; My Twitter (56cf3642247c0fbd3f7f76e865918d615b92c2ab) , Jun 16, 2026