CVE-2022-3415

Published: Nov 14, 2022

Modified: Apr 30, 2025

PUBLISHED

Description

The Chat Bubble WordPress plugin before 2.3 does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin view the related contact message

Vendor	Product	Versions
Unknown	Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back	affected `2.3 - < 2.3`

Weaknesses (CWE)

CWE-79

References

https://wpscan.com/vulnerability/012c5b64-ef76-4539-afd8-40f6c329ae88

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-3415

Description

Affected Products

Weaknesses (CWE)

References