vulnerability

WordPress Plugin: wise-chat: CVE-2019-6780: Improper Input Validation

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	Jan 25, 2019	May 15, 2025	May 15, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

Jan 25, 2019

Added

May 15, 2025

Modified

May 15, 2025

Description

The Wise Chat plugin for WordPress is vulnerable to Reverse Tabnabbing in versions up to, and including, 2.6.3. This is due to mishandling of external links due to omitting noopener and noreferrer. This makes it possible for a chat-using attacker to provide a link that opens a new tab while silently redirecting the original - this can be used to redirect them to a phishing site on the original tab.

Solution

wise-chat-plugin-cve-2019-6780

References

URL-https://www.cve.org/CVERecord?id=CVE-2019-6780
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/c46b26c7-3302-4730-915c-1882b315600c?source=api-prod
CVE-2019-6780
https://attackerkb.com/topics/CVE-2019-6780

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today