CVSS 3.1 Score 4.4 of 10 (medium)


Published Mar 27, 2024


CVE-2024-2956 is a vulnerability found in the Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress. It affects all versions up to and including 20231101. The vulnerability is a Stored Cross-Site Scripting (XSS) issue, caused by insufficient input sanitization and output escaping in the admin settings. This allows authenticated attackers with administrator-level permissions or higher to inject arbitrary web scripts into pages that will execute when accessed by users. However, this vulnerability only impacts multi-site installations and installations where unfiltered_html has been disabled. The risk score for this vulnerability is 26, with a base severity of MEDIUM. To remediate this vulnerability, users should update the affected plugin to the latest version, which includes fixes for this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.


Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-2956 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions