CVE-2024-13646

Name of the Vulnerable Software and Affected Versions Single-user-chat plugin for WordPress versions up to and including 0.5

Description The issue is related to insufficient validation in the single user chat update login function, allowing authenticated attackers with subscriber-level access and above to update option values to 'login' on the WordPress site. This can be leveraged to create an error on the site, denying service to legitimate users, or to set certain values to true, such as registration.

Recommendations For versions up to and including 0.5, consider disabling the single user chat update login function as a temporary workaround until a patch is available. Restrict access to the Single-user-chat plugin to minimize the risk of exploitation. Avoid using the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.