cleantalk
Vulnerabilities and Security Researches

RumbleTalk Live Group Chat – HTML5, CVE-2024-8720

CVE, Research URL

CVE-2024-8720

Home page URL

Security reports for RumbleTalk Live Group Chat – HTML5

Application

RumbleTalk Live Group Chat – HTML5

Published on
Oct 01, 2024
Research Description
The RumbleTalk Live Group Chat – HTML5 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rumbletalk-admin-button' shortcode in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 6.3.1.
Status
vulnerable
Previous vulnerability researches
RumbleTalk Live Group Chat – HTML5 (CVE-2024-8720) , Oct 01, 2024
RumbleTalk Live Group Chat – HTML5 (926d1229c47934b08e71c0bbf27c2df406a983a3) , Jun 07, 2024
RumbleTalk Live Group Chat – HTML5 (CVE-2025-58626) , Sep 05, 2025
RumbleTalk Live Group Chat – HTML5 (CVE-2023-45828) , Jun 10, 2024
New vulnerability
SEO Auto Linker (CVE-2025-58791) , Sep 08, 2025
Showpass WordPress Extension (CVE-2025-58850) , Sep 08, 2025
Custom Team Manager (CVE-2025-58840) , Sep 08, 2025
Category Order and Taxonomy Terms Order , Sep 08, 2025
TrustMate.io – WooCommerce integration (CVE-2025-58802) , Sep 08, 2025