CVE-2022-25610 LOW

CVE-2022-25610: WordPress Simple Ajax Chat plugin <= 20220115 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Vendor Jeff Starr

Product Simple Ajax Chat (WordPress plugin)

Weakness CWE-79 · XSS

Published March 25, 2022

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

3.4/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit.

Key dates

02Disclosure timeline

March 25, 2022 CVE published

April 28, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-25610 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2022-25610

CWE CWE-79

CVSS 3.4 / LOW

Affected versions