Plugin Planet Simple Ajax Chat
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Plugin Planet Simple Ajax Chat.
By the Year
In 2026 there have been 0 vulnerabilities in Plugin Planet Simple Ajax Chat. Simple Ajax Chat did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 2 | 5.40 |
| 2023 | 0 | 0.00 |
| 2022 | 3 | 5.97 |
It may take a day or so for new Simple Ajax Chat vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Plugin Planet Simple Ajax Chat Security Vulnerabilities
WordPress Simple Ajax Chat Plugin Stored XSS via Unsanitized Settings
CVE-2024-2470
5.4 - Medium
- June 04, 2024
The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
XSS
WP Simple Ajax Chat Reflected XSS via Unsanitized Name Input (CVE-2024-1983)
CVE-2024-1983
- March 20, 2024
The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users.
Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115
CVE-2022-27849
7.5 - High
- April 15, 2022
Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115
Information Disclosure
Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115
CVE-2022-27850
4.3 - Medium
- April 15, 2022
Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message.
Session Riding
Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code
CVE-2022-25610
6.1 - Medium
- March 25, 2022
Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Plugin Planet Simple Ajax Chat or by Plugin Planet? Click the Watch button to subscribe.
