cleantalk
Vulnerabilities and Security Researches

Simple Ajax Chat – Add a Fast, Secure Chat Box, CVE-2024-2956

CVE, Research URL

CVE-2024-2956

Home page URL

Security reports for Simple Ajax Chat – Add a Fast, Secure Chat Box

Application

Simple Ajax Chat – Add a Fast, Secure Chat Box

Published on
Mar 27, 2024
Research Description
The Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 20231101 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
max 20240216.
Status
vulnerable
Previous vulnerability researches
Simple Ajax Chat – Add a Fast, Secure Chat Box (CVE-2024-2470) , Jun 07, 2024
Simple Ajax Chat – Add a Fast, Secure Chat Box (CVE-2022-25610) , Jun 07, 2024
Simple Ajax Chat – Add a Fast, Secure Chat Box (CVE-2024-1983) , Jun 07, 2024
Simple Ajax Chat – Add a Fast, Secure Chat Box (CVE-2024-2956) , Jun 07, 2024
Simple Ajax Chat – Add a Fast, Secure Chat Box (CVE-2022-27849) , Jun 07, 2024
New vulnerability
AMP Enhancer – Compatibility Layer for Official AMP Plugin (CVE-2026-2027) , Apr 16, 2026
WaveSurfer-WP (CVE-2026-1909) , Apr 16, 2026
xmlrpc attacks blocker (CVE-2026-2502) , Apr 16, 2026
Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud! (CVE-2026-0831) , Apr 16, 2026
iRobots.txt SEO (CVE-2025-68840) , Apr 16, 2026