CVE-2022-3415

CVE-2022-3415: Chat Bubble < 2.3 - Unauthenticated Stored Cross-Site Scripting

Vendor Unknown

Product Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back

Weakness CWE-79 · XSS

Published November 14, 2022

Last update April 30, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Chat Bubble WordPress plugin before 2.3 does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin view the related contact message

Key dates

02Disclosure timeline

November 14, 2022 CVE published

April 30, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-3415 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-9344 BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript <= 2.1.1 - Reflected Cross-Site Scripting CVE-2024-21908 Cross-site scripting vulnerability in TinyMCE CVE-2025-46989 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2026-33276 XSS in Unified Search via Unescaped Host/Service Names CVE-2023-1609 Zhong Bang CRMEB Java save cross site scripting