cleantalk
Vulnerabilities and Security Researches

Spoki – Chat Buttons and WooCommerce Notifications, CVE-2025-50026

CVE, Research URL

CVE-2025-50026

Home page URL

Security reports for Spoki – Chat Buttons and WooCommerce Notifications

Application

Spoki – Chat Buttons and WooCommerce Notifications

Published on
Jun 20, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spoki Spoki allows Stored XSS. This issue affects Spoki: from n/a through 2.16.0.
Affected versions
Min -, max 2.16.0.
Status
vulnerable
Previous vulnerability researches
YITH Maintenance Mode (CVE-2015-9429) , Jun 06, 2024
YITH Maintenance Mode (CVE-2021-36841) , Jun 06, 2024
YITH Maintenance Mode (CVE-2021-36845) , Jun 06, 2024
New vulnerability
TM Replace Howdy (CVE-2025-49972) , Jul 03, 2025
VG WORT METIS (CVE-2025-50039) , Jul 03, 2025
Raise The Money (CVE-2025-53321) , Jul 03, 2025
isMobile() Shortcode for WordPress (CVE-2025-6488) , Jul 03, 2025
All-in-One Addons for Elementor – WidgetKit (CVE-2025-2330) , Jul 03, 2025