Vulnerabilities > CVE-2023-1020 - Unspecified vulnerability in WP Live Chat Shoutbox Project WP Live Chat Shoutbox 1.4.2

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

wp-live-chat-shoutbox-project

critical

NVD

Published: 2023-04-24

Updated: 2024-11-21

Summary

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

Vulnerable Configurations

Part	Description	Count
Application	Wp_Live_Chat_Shoutbox_Project WP Live Chat Shoutbox Project WP Live Chat Shoutbox 1.4.2	1

References

https://wpscan.com/vulnerability/4e5aa9a3-65a0-47d6-bc26-a2fb6cb073ff
https://wpscan.com/vulnerability/4e5aa9a3-65a0-47d6-bc26-a2fb6cb073ff