Skip to main content

Chatra Live Chat CVE-2026-12041

| EUVDEUVD-2026-42171 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-07-08 Wordfence GHSA-7p67-589v-28jw
4.4
CVSS 3.1 · Vendor: Wordfence
Share

Severity by source

Vendor (Wordfence) PRIMARY
4.4 MEDIUM
AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
vuln.today AI
4.4 MEDIUM

Administrator credentials and a non-default platform configuration are required (PR:H, AC:H); stored XSS executes cross-user in victim browsers justifying S:C, with limited confidentiality and integrity impact and no availability impact.

3.1 AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
4.0 AV:N/AC:H/AT:P/PR:H/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (Wordfence).

CVSS VectorVendor: Wordfence

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jul 08, 2026 - 06:33 vuln.today
CVE Published
Jul 08, 2026 - 05:34 nvd
MEDIUM 4.4

DescriptionCVE.org

The Chatra Live Chat + ChatBot + Cart Saver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

AnalysisAI

Stored cross-site scripting in the Chatra Live Chat + ChatBot + Cart Saver WordPress plugin (all versions ≤ 1.0.12) enables authenticated attackers holding administrator-level credentials to persist arbitrary JavaScript payloads through admin settings fields that lack input sanitization and output escaping. Injected scripts execute silently in the browsers of any user who visits an affected page, enabling session hijacking, credential harvesting, or malicious redirection. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Obtain WordPress administrator credentials
Delivery
Access Chatra plugin settings page
Exploit
Inject JavaScript payload into unsanitized settings field
Install
Payload persists in database
C2
Victim user visits page rendering injected setting
Execute
Malicious script executes in victim browser
Impact
Exfiltrate session cookies or perform unauthorized actions

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated attacker with WordPress administrator-level privileges or higher - confirmed by CVSS PR:H. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 4.4 (Medium) accurately reflects the constrained exploitation conditions: PR:H requires administrator-level authentication, and AC:H captures the specific environmental prerequisites (multisite deployment or unfiltered_html disabled). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A malicious or compromised WordPress administrator on a multisite network accesses the Chatra plugin settings page and enters a JavaScript payload such as a cookie-stealing script into a configuration field rendered without output escaping (specifically the code paths at chatra.php lines 33 and 61). Any site visitor who subsequently loads a page where the plugin outputs that setting has the payload execute in their browser, allowing the attacker to exfiltrate session tokens or redirect users to a phishing site. …
Remediation No patched version above 1.0.12 is confirmed in the available data - the WordPress plugin Trac references point exclusively to the 1.0.12 source with no fix tag identified. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-12041 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy