MEDIUM
rdbeach
CVE published 2026-05-20
CVE-2026-8420
Cross-Site Request Forgery (CSRF) vulnerability in BLOGCHAT Chat System WordPress plugin versions up to and including 1.3.6.3 allows unauthenticated attackers to modify plugin settings and inject malicious web scripts via forged requests, contingent on tricking a site administrator into clicking a malicious link. The vulnerability stems from missing or incorrect nonce validation on a sensitive function. C [truncated]