CVE-2024-7816: Gixaw Chat <= 1.0 - Stored XSS via CSRF
First published: Thu Sep 12 2024(Updated: )
The Gixaw Chat WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WordPress | <=1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-7816?
CVE-2024-7816 has a medium severity rating due to its potential for allowing stored XSS attacks through CSRF vulnerabilities.
How do I fix CVE-2024-7816?
To fix CVE-2024-7816, update the Gixaw Chat WordPress plugin to a version beyond 1.0 that implements proper CSRF checks and ensures data sanitization.
What versions of the Gixaw Chat plugin are affected by CVE-2024-7816?
CVE-2024-7816 affects Gixaw Chat plugin version 1.0 and prior.
What risks does CVE-2024-7816 pose to my website?
CVE-2024-7816 poses risks such as unauthorized execution of malicious scripts that can compromise site security and user data.
Who is the vendor for CVE-2024-7816?
The vendor for CVE-2024-7816 is Adeelraza, the developer of the Gixaw Chat WordPress plugin.
- agent/references
- agent/title
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/adeelraza
- canonical/wordpress
- version/wordpress/1.0