Vulnerability Details CVE-2022-3415
The Chat Bubble WordPress plugin before 2.3 does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin view the related contact message
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.9%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2022-3415
-
cpe:2.3:a:bluecoral:chat_bubble:*