Simple Ajax Chat
Approved changes feed: RSS · Atom
cpe:2.3:a:plugin-planet:simple_ajax_chat:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Plugin Planet (ae238b55-711f-5cfd-98e7-d618431f08aa) |
|---|---|
| Product | Simple Ajax Chat (f699b2ae-b387-59b9-9776-733f3b794226) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-2470 |
vulnerable | 2026-06-08 06:33:31.185526 |
Simple Ajax Chat < 20240412 - Admin+ Stored XSS
The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Published: 2024-06-04T06:00:02.220Z
Updated: 2026-01-09T21:31:21.626Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1983 |
vulnerable | 2026-06-08 06:27:15.187974 |
Simple Ajax Chat < 20240223 - Unauthenticated Stored XSS
The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users.
Published: 2024-03-20T05:00:02.910Z
Updated: 2024-08-01T19:17:11.130Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-27850 |
vulnerable | 2026-06-08 05:42:43.418299 |
WordPress Simple Ajax Chat plugin <= 20220115 - Multiple Cross-Site Request Forgery (CSRF) vulnerability
MEDIUM (5.4)
Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message.
Published: 2022-04-15T16:24:45.573Z
Updated: 2026-04-28T16:07:39.690Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-27849 |
vulnerable | 2026-06-08 05:42:43.417696 |
WordPress Simple Ajax Chat plugin <= 20220115 - Sensitive Information Disclosure vulnerability
MEDIUM (5.3)
Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115
Published: 2022-04-15T16:24:44.617Z
Updated: 2026-04-28T16:07:39.811Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25610 |
vulnerable | 2026-06-08 05:41:46.047482 |
WordPress Simple Ajax Chat plugin <= 20220115 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
LOW (3.4)
Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit.
Published: 2022-03-25T18:02:34.115Z
Updated: 2026-04-28T16:07:39.066Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.