Skip to main content

Chatra Live Chat Chatbot Cart Saver

1 CVEs product

Monthly

CVE-2026-12041 MEDIUM This Month

Stored cross-site scripting in the Chatra Live Chat + ChatBot + Cart Saver WordPress plugin (all versions ≤ 1.0.12) enables authenticated attackers holding administrator-level credentials to persist arbitrary JavaScript payloads through admin settings fields that lack input sanitization and output escaping. Injected scripts execute silently in the browsers of any user who visits an affected page, enabling session hijacking, credential harvesting, or malicious redirection. Exploitation is gated behind two environmental preconditions - WordPress multisite mode or explicitly disabled unfiltered_html - and no public exploit code or active exploitation has been identified at time of analysis.

WordPress XSS Chatra Live Chat Chatbot Cart Saver
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
EPSS 0% CVSS 4.4
MEDIUM This Month

Stored cross-site scripting in the Chatra Live Chat + ChatBot + Cart Saver WordPress plugin (all versions ≤ 1.0.12) enables authenticated attackers holding administrator-level credentials to persist arbitrary JavaScript payloads through admin settings fields that lack input sanitization and output escaping. Injected scripts execute silently in the browsers of any user who visits an affected page, enabling session hijacking, credential harvesting, or malicious redirection. Exploitation is gated behind two environmental preconditions - WordPress multisite mode or explicitly disabled unfiltered_html - and no public exploit code or active exploitation has been identified at time of analysis.

WordPress XSS Chatra Live Chat Chatbot Cart Saver
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy