Vulnerabilities > CVE-2023-0899 - Unspecified vulnerability in WP Live Chat Shoutbox Project WP Live Chat Shoutbox 1.4.2

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

wp-live-chat-shoutbox-project

NVD

Published: 2023-04-24

Updated: 2023-11-07

Summary

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before outputting it back in the Shoutbox, leading to Stored Cross-Site Scripting which could be used against high privilege users such as admins.

Vulnerable Configurations

Part	Description	Count
Application	Wp_Live_Chat_Shoutbox_Project WP Live Chat Shoutbox Project WP Live Chat Shoutbox 1.4.2	1

References

https://wpscan.com/vulnerability/e95f925f-118e-4fa1-8e8f-9dc1bc698f12