cleantalk
Vulnerabilities and Security Researches

Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty, CVE-2021-25016

CVE, Research URL

CVE-2021-25016

Home page URL

Security reports for Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty

Application

Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty

Published on
Jan 03, 2022
Research Description
The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting
Affected versions
Min -, max 2.8.3.
Status
vulnerable
Previous vulnerability researches
Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty (CVE-2025-1450) , Feb 28, 2025
Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty (CVE-2021-36846) , Jun 07, 2024
Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty (CVE-2024-2972) , Jun 07, 2024
Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty (CVE-2021-25016) , Jun 07, 2024
Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty (CVE-2022-3858) , Jun 07, 2024
New vulnerability
Printcart Web to Print Product Designer for WooCommerce (CVE-2025-47641) , May 20, 2025
Formality (CVE-2025-3858) , May 20, 2025
PowerPress Podcasting plugin by Blubrry (CVE-2024-9227) , May 19, 2025
Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC (CVE-2024-9450) , May 19, 2025
PWA for WP & AMP (CVE-2024-7759) , May 19, 2025