WordPress Simple Ajax Chat Plugin <= 20251121 is vulnerable to Sensitive Data Exposure
Low priority No impactful threat
<= 20251121Vulnerable version(s)
20260217Patched version
17 Feb, 2026 by Patchstack
Get the fastest vulnerability mitigation with Patchstack!
Get startedRisks
CVSS 5.3Note by Patchstack
This vulnerability does not impact users running the Apache web server. Users of other web servers (nginx, IIS, etc.) are impacted and should upgrade to the latest available version.
5.3
Sensitive Data Exposure
This could allow a malicious actor to view sensitive information that is normally not available to regular users. This can be used to exploit other weaknesses in the system.
CVSS score is a way to evaluate and rank reported vulnerabilities in a standardized and repeatable way but which is not ideal for WordPress.
Solutions
This security issue has a low severity impact and is unlikely to be exploited.
Update to version 20260217 or later.
Update to version 20260217 or later to resolve the vulnerability. Patchstack users can turn on auto-update for vulnerable plugins only.
Details
Have additional information or questions about this entry? Let us know.
Timeline
18 Jan, 2026