QwikSec

Security Database

CVE

CWE

Training

CVE-2022-0642

Published: May 30, 2022

Modified: Aug 2, 2024

PUBLISHED

Description

The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugins admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged in administrator to inject arbitrary javascript.

Vendor	Product	Versions
Unknown	JivoChat Live Chat – WP live chat plugin for WordPress	affected `1.3.5.4 - < 1.3.5.4`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/099cf9b4-0b3a-43c6-8ca9-7c2d50f86425

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.