Severity by source
AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Administrator credentials and a non-default platform configuration are required (PR:H, AC:H); stored XSS executes cross-user in victim browsers justifying S:C, with limited confidentiality and integrity impact and no availability impact.
Primary rating from Vendor (Wordfence).
CVSS VectorVendor: Wordfence
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
The Chatra Live Chat + ChatBot + Cart Saver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
AnalysisAI
Stored cross-site scripting in the Chatra Live Chat + ChatBot + Cart Saver WordPress plugin (all versions ≤ 1.0.12) enables authenticated attackers holding administrator-level credentials to persist arbitrary JavaScript payloads through admin settings fields that lack input sanitization and output escaping. Injected scripts execute silently in the browsers of any user who visits an affected page, enabling session hijacking, credential harvesting, or malicious redirection. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated attacker with WordPress administrator-level privileges or higher - confirmed by CVSS PR:H. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score of 4.4 (Medium) accurately reflects the constrained exploitation conditions: PR:H requires administrator-level authentication, and AC:H captures the specific environmental prerequisites (multisite deployment or unfiltered_html disabled). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A malicious or compromised WordPress administrator on a multisite network accesses the Chatra plugin settings page and enters a JavaScript payload such as a cookie-stealing script into a configuration field rendered without output escaping (specifically the code paths at chatra.php lines 33 and 61). Any site visitor who subsequently loads a page where the plugin outputs that setting has the payload execute in their browser, allowing the attacker to exfiltrate session tokens or redirect users to a phishing site. … |
| Remediation | No patched version above 1.0.12 is confirmed in the available data - the WordPress plugin Trac references point exclusively to the 1.0.12 source with no fix tag identified. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42171
GHSA-7p67-589v-28jw