CVE-2024-1983
HighPublic PoC
Published: 20 March 2024
Published
20 March 2024
Modified
05 May 2025
KEV Added
—
Patch
—
CVSS Score v3.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS Score
0.0018
39.7th percentile
Risk Priority
14
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2024-1983 is a high-severity an unspecified weakness vulnerability in Plugin-Planet Simple Ajax Chat. Its CVSS base score is 7.1 (High).
Operationally, ranked at the 39.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-17699
Vulnerability details
The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
plugin-planet
simple ajax chat
≤ 20240223
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.