CVE-2022-0642

CVE-2022-0642: JivoChat < 1.3.5.4 - Stored Cross-Site Scripting via CSRF

Vendor Unknown
Product JivoChat Live Chat – WP live chat plugin for WordPress
Weakness CWE-352 · CSRF
Published May 30, 2022
Last update August 2, 2024

CVSS base score

What the vulnerability does

01Description

The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugins admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged in administrator to inject arbitrary javascript.

Key dates

02Disclosure timeline

May 30, 2022 CVE published
August 2, 2024 Record updated