cvedb.io
CVE-2022-0642
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2022-05-30T09:15:08.757 · Last modified 2026-06-17T04:20:59.320

Summary

The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugin's admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged-in administrator into injecting arbitrary JavaScript.

Affected products

jivochat — jivochat


This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.