Chathelp Click To Chat Button Woocommerce Chat To Order Floating Chat Form
Monthly
Stored Cross-Site Scripting in the ChatHelp plugin for WordPress (versions through 3.5.1) allows authenticated attackers with contributor-level access to inject persistent malicious scripts via the 'number' and 'group' shortcode attributes, which execute in victims' browsers on page load. The vulnerability stems from insufficient input sanitization and output escaping in the shortcode rendering layer, identified across multiple source files in CustomButtonsTemplates.php and CustomShortcode.php. No public exploit code has been identified at time of analysis, and the plugin is not listed in CISA KEV; however, Wordfence has published a threat intelligence entry and a patch changeset exists in the WordPress plugin repository.
Stored Cross-Site Scripting in the ChatHelp plugin for WordPress (versions through 3.5.1) allows authenticated attackers with contributor-level access to inject persistent malicious scripts via the 'number' and 'group' shortcode attributes, which execute in victims' browsers on page load. The vulnerability stems from insufficient input sanitization and output escaping in the shortcode rendering layer, identified across multiple source files in CustomButtonsTemplates.php and CustomShortcode.php. No public exploit code has been identified at time of analysis, and the plugin is not listed in CISA KEV; however, Wordfence has published a threat intelligence entry and a patch changeset exists in the WordPress plugin repository.