{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1450", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-02-18T17:33:05.328Z", "datePublished": "2025-02-27T09:21:48.750Z", "dateUpdated": "2026-04-08T17:13:53.790Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:13:53.790Z"}, "affected": [{"vendor": "premio", "product": "Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button \u2013 Chaty", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.3.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp \u2013 Chaty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018data-hover\u2019 parameter in all versions up to, and including, 3.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp \u2013 Chaty <= 3.3.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a87d0966-3fd4-46f8-acd5-1cf0cb18af42?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/chaty/tags/3.3.4/js/cht-front-script.js#L389"}, {"url": "https://plugins.trac.wordpress.org/browser/chaty/tags/3.3.5/js/cht-front-script.min.js"}, {"url": "https://plugins.trac.wordpress.org/changeset/3246336/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Craig Smith"}], "timeline": [{"time": "2025-02-26T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-27T14:32:36.013986Z", "id": "CVE-2025-1450", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-27T14:32:44.387Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1450", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-27T14:32:36.013986Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-27T14:32:39.904Z"}}], "cna": {"title": "Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp \u2013 Chaty <= 3.3.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Craig Smith"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "premio", "product": "Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button \u2013 Chaty", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.3.5"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-02-26T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a87d0966-3fd4-46f8-acd5-1cf0cb18af42?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/chaty/tags/3.3.4/js/cht-front-script.js#L389"}, {"url": "https://plugins.trac.wordpress.org/browser/chaty/tags/3.3.5/js/cht-front-script.min.js"}, {"url": "https://plugins.trac.wordpress.org/changeset/3246336/"}], "descriptions": [{"lang": "en", "value": "The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp \u2013 Chaty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018data-hover\u2019 parameter in all versions up to, and including, 3.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:13:53.790Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1450", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:13:53.790Z", "dateReserved": "2025-02-18T17:33:05.328Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-02-27T09:21:48.750Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:premio:floating_chat_widget:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "6A0EEEF6-6533-4E3C-B7E1-6200F4554AF2", "versionEndExcluding": "3.3.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp \u2013 Chaty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018data-hover\u2019 parameter in all versions up to, and including, 3.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El complemento Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp \u2013 Chaty para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro 'data-hover' en todas las versiones hasta la 3.3.5 incluida, debido a una depuraci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."}], "id": "CVE-2025-1450", "lastModified": "2025-03-11T15:46:05.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-27T10:15:10.677", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/chaty/tags/3.3.4/js/cht-front-script.js#L389"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/chaty/tags/3.3.5/js/cht-front-script.min.js"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3246336/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a87d0966-3fd4-46f8-acd5-1cf0cb18af42?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T22:15:14.304729+00:00", "value": {"mitigation_remediation": ["Update the plugin to the latest release (3.3.6 or newer) where the data\u2011hover sanitization fix has been applied.", "Remove or sanitize any existing data\u2011hover values in configured widgets to delete malicious payloads.", "Restrict Contributor\u2011level users from editing widget settings, or adjust role capabilities to limit access."], "summary": {"action": "Patch", "impact": "Stored Cross\u2011Site Scripting resulting in arbitrary script execution on visitors\u2019 browsers"}, "threat_synthesis": {"affected_systems": "The affected product is the WordPress plugin Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button \u2013 Chaty from Premio. Versions up to and including 3.3.5 contain the flaw, so any installation of these plugin versions on any WordPress site is vulnerable.", "description_and_impact": "This vulnerability allows an authenticated user with Contributor-level access or higher to inject arbitrary JavaScript into the output of the Floating Chat Widget plugin. The flaw originates in the data-hover parameter, which is stored in the database and rendered without proper sanitization or escaping. When a page containing the widget is viewed, any malicious script embedded in that parameter is executed in the victim\u2019s browser. This stored cross\u2011site scripting can lead to session hijacking, cookie theft, defacement or phishing attacks against site visitors.", "risk_and_exploitability": "The CVSS score of 6.4 suggests a moderate impact, and the EPSS score of less than 1% indicates a low probability of exploitation. Exploitation requires an authenticated contributor or higher, so attackers must first compromise such credentials. The vulnerability is not listed in CISA\u2019s KEV catalog. If exploited, malicious scripts would run within the context of the site\u2019s domain, potentially enabling attackers to read or modify user data and deface content."}}}}, "created": "2026-04-21T22:15:45.906350+00:00", "updated": "2026-04-21T22:15:45.906360+00:00", "vendors": []}