PatchSiren

mxchat CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM mxchat CVE published 2026-07-16

CVE-2026-13005

The MxChat – AI Chatbot & Content Generation for WordPress plugin is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.10. This is due to insufficient input sanitization and output escaping. Authenticated attackers with administrator-level permissions can inject web scripts that execute when users access injected pages. This vulnerability affects multi- [truncated]