Vulnerabilities > Ninjateam > Click TO Chat

DATE CVE VULNERABILITY TITLE RISK
2024-10-18 CVE-2024-10055 Cross-site Scripting vulnerability in Ninjateam Click to Chat
The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaio_snapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
ninjateam CWE-79
5.4
5.4
2024-10-17 CVE-2024-49281 Cross-site Scripting vulnerability in Ninjateam Click to Chat
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NinjaTeam Click to Chat – WP Support All-in-One Floating Widget allows Stored XSS.This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through 2.3.3.
network
low complexity
ninjateam CWE-79
5.4
5.4