An Authenticated Persistent XSS vulnerability is present in the the plugin options page (/wp-admin/options-general.php?page=quick-chat/quick-chat.php), vulnerable fields: «Chat name prefix for guest users», «Advertisement code for your AdSense».
The PoC will be displayed once the issue has been remediated
Ex.Mi
Ex.Mi
Yes
2020-10-14 (about 2 years ago)
2020-10-19 (about 2 years ago)
2020-10-20 (about 2 years ago)