WordPress Plugin Vulnerabilities

My Chatbot <= 1.1 - Reflected Cross-Site Scripting (XSS)

Description

The plugin does not sanitise or escape its tab parameter in the Settings page before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue

Proof of Concept

Affects Plugins

Plugin icon
my-chatbot
No known fix

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
c0b6f63b-95d1-4782-9554-975d6d7bbd3d

Timeline

Publicly Published
2021-09-06 (about 4 years ago)
Added
2021-09-06 (about 4 years ago)
Last Updated
2021-09-06 (about 4 years ago)

Other

Published
Title
Published
2023-01-30
Title
GS Portfolio for Envato < 1.4.0 - Contributor+ Stored XSS
Published
2025-02-21
Title
Rife Elementor Extensions & Templates < 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Shortcode
Published
2025-01-17
Title
Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings < 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2015-06-28
Title
WP Rollback <= 1.2.2 - Cross-Site Scripting (XSS) & CSRF
Published
2024-11-08
Title
ra_qrcode <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting