cleantalk
Vulnerabilities and Security Researches

LocalWeb All In One, c8069655-fc7b-4b97-b871-45705260fb1b

CVE, Research URL

c8069655-fc7b-4b97-b871-45705260fb1b

Home page URL

Security reports for LocalWeb All In One

Application

LocalWeb All In One

Published on
-
Research Description
LocalWeb All In One [lw-all-in-one] < 1.6.5 LocalWeb All In One plugin &lt; 1.6.5 - Unauthenticated Stored Cross-Site Scripting (XSS) An Unauthenticated Stored XSS vulnerability was discovered in the LocalWeb All In One plugin v1.6.3 for WordPress. There is an older version of this plugin called Web Instant Messenger, latest version is v1.1.1. The specificity of this plugin is that it interacts with the remote host www.localweb.it, so the payload will be executed on it.
Affected versions
max 1.6.5.
Status
vulnerable
Previous vulnerability researches
Connections Business Directory (CVE-2011-5254) , Jun 06, 2024
Connections Business Directory (CVE-2023-29437) , Jun 06, 2024
Connections Business Directory (CVE-2020-36503) , Jun 06, 2024
Connections Business Directory (CVE-2016-0770) , Jun 06, 2024
Connections Business Directory (CVE-2021-24794) , Jun 06, 2024
New vulnerability
WP SMS Plugin Notification for WordPress (72e44d3605478ba886b58e5dc13d074197875ee3) , Jun 16, 2026
WP SMS Plugin Notification for WordPress (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
Async JavaScript (a535d19a588d298275a50a334cb3297b070e2d46) , Jun 16, 2026
Async JavaScript (278f7c36-05f8-4b6f-9a13-11175e3f3971) , Jun 16, 2026
Async JavaScript (dc720f7e4f71488f6f9e4d0e22eb0a048932a77b) , Jun 16, 2026