CVE-2021-25016
MEDIUM | NUCLEI
Chaty <2.8.3-2.8.2 - XSS
Title source: llm
Description
The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to Reflected Cross-Site Scripting.
Nuclei Templates (1)
Chaty < 2.8.2 - Cross-Site Scripting
MEDIUM | VERIFIED | by luisfelipe146
Shodan:
http.html:/wp-content/plugins/chaty/
FOFA:
body=/wp-content/plugins/chaty/
Scores
CVSS v3
6.1
EPSS
0.1567
EPSS Percentile
94.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
premio/chaty
< 2.8.3
premio/chaty_pro
< 2.8.2
Published
Jan 03, 2022
Tracked Since
Feb 18, 2026