Chaty Free < 2.8.3 & Pro < 2.8.2 – Reflected Cross-Site Scripting | CVE 2021-25016

Affects Plugins

chaty

Fixed in 2.8.3

chaty-pro

Fixed in 2.8.2

References

CVE

CVE-2021-25016

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

7.5 (high)

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website

https://kazet.cc/

Verified

Yes

WPVDB ID

b5035987-6227-4fc6-bc45-1e8016e5c4c0

Timeline

Publicly Published

2021-12-06 (about 4 years ago)

Added

2021-12-06 (about 4 years ago)

Last Updated

2022-04-13 (about 3 years ago)

Other

Published

Title

Published

2024-11-08

Title

Luzuk Team <= 0.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2023-06-16

Title

Sermon'e – Sermons Online <= 1.0.0 - Contributor+ Stored XSS

Published

2024-05-07

Title

ADFO – Custom data in admin dashboard < 1.9.1 - Reflected Cross-Site Scripting

Published

2023-08-29

Title

Popup box < 3.7.2 - Admin+ Stored Cross-Site Scripting

Published

2025-02-21

Title

WOO Codice Fiscale <= 1.6.3 - Reflected Cross-Site Scripting