cleantalk
Vulnerabilities and Security Researches

LocalWeb All In One, c8069655-fc7b-4b97-b871-45705260fb1b

CVE, Research URL

c8069655-fc7b-4b97-b871-45705260fb1b

Home page URL

Security reports for LocalWeb All In One

Application

LocalWeb All In One

Published on
-
Research Description
LocalWeb All In One [lw-all-in-one] < 1.6.5 LocalWeb All In One plugin &lt; 1.6.5 - Unauthenticated Stored Cross-Site Scripting (XSS) An Unauthenticated Stored XSS vulnerability was discovered in the LocalWeb All In One plugin v1.6.3 for WordPress. There is an older version of this plugin called Web Instant Messenger, latest version is v1.1.1. The specificity of this plugin is that it interacts with the remote host www.localweb.it, so the payload will be executed on it.
Affected versions
max 1.6.5.
Status
vulnerable
Previous vulnerability researches
Plugin Name: oQey Headers (c7ce760ee7c36905095c8fa8843b97a99356157d) , Jun 07, 2024
Plugin Name: oQey Headers (ab0a8668-3002-4d29-86a0-9800d5aa9ddc) , Jun 16, 2026
New vulnerability
Goon &#8211; Speed Up Your WordPress Site (74bfc5af863408f6209ced594b90fac47416d3ac) , Jun 16, 2026
SEO Friendly Images (f5c86f65-d4bf-457c-9dbe-42a6c92058f4) , Jun 16, 2026
SEO Friendly Images (6ad6caa8-dfd6-47eb-b693-2eb1ffa6c3de) , Jun 16, 2026
SEO Friendly Images (9efc51cd-c69a-432b-a4fd-4f5c804d3a5e) , Jun 16, 2026
SEO Friendly Images (f0c53a5a0e6e994d34c89fa61f207dd47899b2c0) , Jun 16, 2026