cleantalk
Vulnerabilities and Security Researches

Xelion Webchat, CVE-2025-3058

CVE, Research URL

CVE-2025-3058

Home page URL

Security reports for Xelion Webchat

Application

Xelion Webchat

Published on
Apr 24, 2025
Research Description
The Xelion Webchat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the xwc_save_settings() function in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Affected versions
Min -, max 9.1.0.
Status
vulnerable
Previous vulnerability researches
CF7 Spreadsheets (CVE-2025-31603) , Apr 02, 2025
CF7 Spreadsheets (CVE-2025-31536) , Apr 05, 2025
New vulnerability
Create custom forms for WordPress with a smart form plugin for smart businesses – Form builder for WordPress (CVE-2025-2801) , Apr 27, 2025
Integração entre Eduzz e Woocommerce (CVE-2025-3906) , Apr 27, 2025
Xelion Webchat (CVE-2025-3058) , Apr 27, 2025
Breeze Display (CVE-2025-3749) , Apr 27, 2025
Add Google +1 (Plus one) social share Button (CVE-2025-3866) , Apr 27, 2025