
Exploit for WordPress Simple Ajax Chat <20220116 - Sensitive Information Disclosure vulnerability (CVE-2022-27849)

Description:

WordPress Simple Ajax Chat before 20220216 is vulnerable to sensitive information disclosure. The plugin does not properly restrict access to the exported data via the sac-export.csv file, which could allow unauthenticated users to access it.
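To check whether the export has already been retrieved, the following added example (not part of the original page or of the Nuclei template) scans web server access logs in Combined Log Format for requests to sac-export.csv that were answered with a body. The log lines, the PLUGIN-DIR placeholder path and the name find_export_hits are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

EXPORT_NAME = "sac-export.csv"  # file name given in the advisory text

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines; PLUGIN-DIR is a placeholder, not the plugin's real path.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2022:10:01:02 +0000] "GET /PLUGIN-DIR/sac-export.csv HTTP/1.1" 200 4821 "-" "curl/7.81.0"',
    '198.51.100.23 - - [10/Mar/2022:10:05:40 +0000] "GET /PLUGIN-DIR/sac%2Dexport.csv?x=1 HTTP/1.1" 200 4821 "-" "-"',
    '192.0.2.10 - - [11/Mar/2022:08:12:09 +0000] "GET /PLUGIN-DIR/sac-export.csv HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.44 - - [11/Mar/2022:08:13:00 +0000] "GET /index.php HTTP/1.1" 200 10234 "-" "-"',
]


def find_export_hits(lines):
    """Return requests for the export file that the server answered with a body."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a Combined Log Format line
        # Drop the query string and decode percent-encoding before comparing.
        path = unquote(urlsplit(m["target"]).path).lower()
        if not path.endswith("/" + EXPORT_NAME):
            continue
        status = int(m["status"])
        size = 0 if m["size"] == "-" else int(m["size"])
        # 200/206 with a body: the export was served. 403/404: access was refused.
        if status in (200, 206) and size > 0:
            hits.append({"ip": m["ip"], "time": m["time"], "path": path, "bytes": size})
    return hits


if __name__ == "__main__":
    for hit in find_export_hits(SAMPLE_LOG):
        print(f'{hit["time"]}  {hit["ip"]}  {hit["path"]}  {hit["bytes"]} bytes')
```

A hit from a client other than a site administrator means the exported chat data should be treated as disclosed.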

Nuclei Template

View the template here: CVE-2022-27849.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-27849.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://nvd.nist.gov/vuln/detail/CVE-2022-27849
https://patchstack.com/database/vulnerability/simple-ajax-chat/wordpress-simple-ajax-chat-plugin-20220115-sensitive-information-disclosure-vulnerability
https://github.com/ARPSyndicate/kenzer-templates
https://wordpress.org/plugins/simple-ajax-chat/#developers