First published: Sat Feb 22 2025(Updated: )
Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro allows Upload a Web Shell to a Web Server. This issue affects Chaty Pro: from n/a through 3.3.3.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
Chaty Pro | <=3.3.3 | |
WordPress Chaty Pro Plugin | <=3.3.3 |
Update the WordPress Chaty Pro wordpress plugin to the latest available version (at least 3.3.4).
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2025-26776 is considered high due to its potential for remote code execution via file upload.
To fix CVE-2025-26776, update Chaty Pro to version 3.3.4 or later, which mitigates the file upload vulnerability.
CVE-2025-26776 affects NotFound Chaty Pro versions up to and including 3.3.3.
Yes, CVE-2025-26776 can be exploited remotely, allowing attackers to upload web shells to the server.
CVE-2025-26776 also affects the WordPress Chaty Pro Plugin versions up to and including 3.3.3.