CVSS 3.1 Score 4.4 of 10 (medium)


Published Mar 27, 2024


CVE-2024-2956 is a vulnerability found in the Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress. It affects all versions up to and including 20231101. The vulnerability is a Stored Cross-Site Scripting (XSS) issue, caused by insufficient input sanitization and output escaping in the admin settings. This allows authenticated attackers with administrator-level permissions or higher to inject arbitrary web scripts into pages that will execute when accessed by users. However, this vulnerability only impacts multi-site installations and installations where unfiltered_html has been disabled. The risk score for this vulnerability is 26, with a base severity of MEDIUM. To remediate this vulnerability, users should update the affected plugin to the latest version, which includes fixes for this issue.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-2956 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options