Vulnerabilities > WP Live Chat Shoutbox Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-24 | CVE-2023-0899 | Unspecified vulnerability in WP Live Chat Shoutbox Project WP Live Chat Shoutbox 1.4.2 The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before outputting it back in the Shoutbox, leading to Stored Cross-Site Scripting which could be used against high privilege users such as admins. | 6.1 |
2023-04-24 | CVE-2023-1020 | Unspecified vulnerability in WP Live Chat Shoutbox Project WP Live Chat Shoutbox 1.4.2 The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | 9.8 |