WordPress Plugin Vulnerabilities

Quick Chat <= 4.14 - Unauthenticated Stored Cross-Site Scripting

Description

An Unauthenticated Persistent XSS vulnerability was discovered in the Quick Chat plugin v4.14 for WordPress.

Proof of Concept

Affects Plugins

Plugin icon
quick-chat
No known fix

References

URL
https://ex-mi.ru/exploit/[2020-10-06]-[WordPress]-quick-chat-plugin-v4.14.txt

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.3 (high)

Miscellaneous

Original Researcher
Ex.Mi
Submitter
Ex.Mi
Submitter website
https://ex-mi.ru
Verified
Yes
WPVDB ID
6fac1c54-13d9-494c-b055-e3412b491f09

Timeline

Publicly Published
2020-10-14 (about 5 years ago)
Added
2020-10-19 (about 5 years ago)
Last Updated
2020-10-20 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
ed2k-link-selector <= 1.1.7 - XSS in ZeroClipboard
Published
2014-08-01
Title
Accept Signups 0.1 - XSS
Published
2024-07-10
Title
Animated Typed JS Shortcode < 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-08-26
Title
Magic Post Thumbnail < 5.2.10 - Reflected Cross-Site Scripting
Published
2025-04-04
Title
Split Test For Elementor <= 1.8.4 - Admin+ Stored Cross-Site Scripting