Published: 24/01/2019 Updated: 28/01/2019

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 585

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

The Wise Chat plugin prior to 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer.

Vulnerable Product	Search on Vulmon	Subscribe to Product
kaine wise chat

# Exploit Title: Wordpress Plugin Wisechat <= 263 - Reverse Tabnabbing # Date: 01-22-2019 # Exploit Author: MTK (mtk911cf/) # Vendor Homepage: kainepl/ # Softwae Link: wordpressorg/plugins/wise-chat/ # Version: Up to V263 # Tested on: Debian 9 - Apache2 - Wordpress 498 - Firefox # CVE : 2019-6780 # Plugin descr ...

WordPress Wisechat plugin version 263 suffers from a forced tab redirection flow that can aid in phishing attacks ...

CWE-601 https://wordpress.org/plugins/wise-chat/#developers https://plugins.trac.wordpress.org/changeset/2016929/wise-chat/trunk/src/rendering/filters/post/WiseChatLinksPostFilter.php https://www.exploit-db.com/exploits/46247/https://nvd.nist.gov https://www.exploit-db.com/exploits/46247

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-6780

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect