MEDIUM
mxchat
CVE published 2026-07-16
CVE-2026-13005
The MxChat – AI Chatbot & Content Generation for WordPress plugin is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.10. This is due to insufficient input sanitization and output escaping. Authenticated attackers with administrator-level permissions can inject web scripts that execute when users access injected pages. This vulnerability affects multi- [truncated]