CVE-2023-0899 Information

Description

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before outputting it back in the Shoutbox leading to Stored Cross-Site Scripting which could be used against high privilege users such as admins.

Reference

https://wpscan.com/vulnerability/e95f925f-118e-4fa1-8e8f-9dc1bc698f12