CVE-2023-3245

Summary

CVE-2023-3245 is a vulnerability affecting the Floating Chat Widget plugin for WordPress before version 3.1.2. This issue allows high privilege users, including admins, to execute Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. The plugin fails to properly sanitize and escape certain settings, creating a security loophole for malicious code injection. In a multisite setup, this vulnerability can pose a significant threat to multiple sites, making it crucial for users to update to the latest version of the plugin or consider disabling it until a fix is available.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.