Skip to main content

Elfsight Whatsapp Chat Cc

1 CVEs product

Monthly

CVE-2026-39696 MEDIUM This Month

DOM-Based cross-site scripting (XSS) in Elfsight WhatsApp Chat CC WordPress plugin versions up to 1.2.0 allows authenticated attackers with limited privileges to inject malicious scripts that execute in the context of other users' browsers. The vulnerability requires user interaction (UI:R per CVSS vector) and affects the plugin's DOM manipulation during web page generation. Real-world exploitation risk is low: EPSS score of 0.03% (8th percentile) reflects minimal demonstrated exploitation likelihood, no public proof-of-concept has been identified, and CISA SSVC assessment indicates exploitation is not yet observed and attack automation is infeasible.

XSS Elfsight Whatsapp Chat Cc
NVD
CVSS 3.1
6.5
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM This Month

DOM-Based cross-site scripting (XSS) in Elfsight WhatsApp Chat CC WordPress plugin versions up to 1.2.0 allows authenticated attackers with limited privileges to inject malicious scripts that execute in the context of other users' browsers. The vulnerability requires user interaction (UI:R per CVSS vector) and affects the plugin's DOM manipulation during web page generation. Real-world exploitation risk is low: EPSS score of 0.03% (8th percentile) reflects minimal demonstrated exploitation likelihood, no public proof-of-concept has been identified, and CISA SSVC assessment indicates exploitation is not yet observed and attack automation is infeasible.

XSS Elfsight Whatsapp Chat Cc
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy