WordPress Plugin Vulnerabilities

Live Chat with Facebook Messenger <= 1.4.6 - Stored XSS

Description

Saves option "ztb_domainid" without authentication with any code that will be embedded in every page.

Affects Plugins

Plugin icon
fb-messenger-live-chat
Fixed in 1.4.7

References

URL
https://plugins.trac.wordpress.org/changeset/2090019/fb-messenger-live-chat

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Verified
No
WPVDB ID
4a5ea37d-e315-40f5-ab91-ad5e80216c35

Timeline

Publicly Published
2019-05-16 (about 6 years ago)
Added
2019-05-22 (about 6 years ago)
Last Updated
2019-11-03 (about 6 years ago)

Other

Published
Title
Published
2024-06-22
Title
Hostel < 1.1.5.3 - Reflected XSS
Published
2023-06-21
Title
Gravity Forms < 2.7.5 - Reflected XSS
Published
2018-02-22
Title
Photo Gallery by WD <= 1.3.66 - Cross-Site Scripting (XSS)
Published
2024-12-04
Title
Blocksy < 2.0.78 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2026-02-26
Title
uDesign - Responsive WordPress Theme <= 4.14.0 - Reflected Cross-Site Scripting