The Chaty WordPress plugin prior to 2.8.3 and Chaty Pro WordPress plugin prior to 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
premio chaty |
||
premio chaty pro |