Vulnerabilities > WP Live Chat Shoutbox Project

DATE CVE VULNERABILITY TITLE RISK
2023-04-24 CVE-2023-0899 Unspecified vulnerability in WP Live Chat Shoutbox Project WP Live Chat Shoutbox 1.4.2
The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before outputting it back in the Shoutbox, leading to Stored Cross-Site Scripting which could be used against high privilege users such as admins.
network
low complexity
wp-live-chat-shoutbox-project
6.1
2023-04-24 CVE-2023-1020 Unspecified vulnerability in WP Live Chat Shoutbox Project WP Live Chat Shoutbox 1.4.2
The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
network
low complexity
wp-live-chat-shoutbox-project
critical
9.8