Plugin-planet Simple Ajax Chat — known CVE vulnerabilities
Every CVE whose affected-product data names Plugin-planet Simple Ajax Chat, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2024-1983 — CVSS 7.1 (high): The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious Names when using the chat, which will…
CVE-2022-27850 — CVSS 5.4 (medium): Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a…
CVE-2024-2470 — CVSS 5.4 (medium): The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2022-27849 — CVSS 5.3 (medium): Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115
CVE-2022-25610 — CVSS 3.4 (low): Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However…