ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Wise Chat plugin <= 2.6.3 - Reverse Tabnabbing vulnerability

Product
Wise Chat
Description
Reverse Tabnabbing vulnerability found by MTK in WordPress Wise Chat plugin (versions <= 2.6.3).
Solution
Update the WordPress Wise Chat plugin to the latest available version (at least 2.7).
Classification
Type Session Hijacking
OWASP Top 10 A10: Unvalidated Redirects and Forwards
References
Plugin changelog
CVE
Name CVE-2019-6780
Versions
Affected In <= 2.6.3
Fixed In 2.7
Disclosure date
2019-01-25
Credits
MTK
Submitter
ThreatPress