CVE-2026-22463
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-01-27
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| micro | form_to_chat_app | From 1.0.0 (inc) to 1.2.5 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-22463 is a Cross Site Scripting (XSS) vulnerability in the WordPress Form to Chat App Plugin versions up to 1.2.5. It allows a malicious actor to inject and execute malicious scripts, such as redirects, advertisements, or other HTML payloads, on a website when visitors access it. Exploitation requires user interaction by a privileged user with at least Contributor or Developer privileges performing actions like clicking a malicious link, visiting a crafted page, or submitting a form. [1]
How can this vulnerability impact me? :
This vulnerability can lead to the execution of malicious scripts on your website, potentially causing unwanted redirects, displaying unauthorized advertisements, or other harmful HTML payloads. However, the overall impact is considered limited and exploitation is unlikely, as it requires interaction by a privileged user. The CVSS severity score is 6.5, indicating a moderate risk level. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying attempts to inject malicious scripts via the Form to Chat App plugin. Since exploitation requires user interaction with Contributor or Developer privileges, monitoring web server logs for suspicious input patterns or unusual form submissions can help. Specific commands are not provided in the resources. However, general detection methods include using web vulnerability scanners that check for stored XSS in form inputs or reviewing HTTP request logs for suspicious payloads. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting user privileges to prevent untrusted users from having Contributor or Developer roles, sanitizing and validating all user inputs on the server side, and monitoring for suspicious activity. Since no official fix or patched version is currently available, applying strict access controls and educating users about the risk of clicking unknown links or submitting untrusted forms are recommended. [1]