WordPress Single-User Chat Plugin Data Modification Vulnerability Leading to Denial-of-Service

Vulnerability

A vulnerability exists in the Single-user-chat plugin for WordPress, all versions through 0.5, allowing authenticated attackers with subscriber-level access and above to unauthorizedly modify data. The issue arises from inadequate validation in the 'single_user_chat_update_login' function, enabling attackers to change option values to 'login'. This could disrupt normal site operations by introducing errors that affect legitimate users or by altering settings related to user registration. Such changes could potentially be exploited to cause a denial-of-service condition on the site.

Impact

Exploitation of this vulnerability could lead to a denial-of-service condition on the affected WordPress site, causing disruptions for legitimate users.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

3.1

exploitability

6.1

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

3.1

exploitability

6.1

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WordPress Single-User Chat Plugin Data Modification Vulnerability Leading to Denial-of-Service

Vulnerability

Impact

Affected Products

Single-user-chat

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating