PT-2025-7614 · Unknown · Notfound Chaty Pro

Luc · Published 2025-02-22 · Updated 2025-05-05 · CVE-2025-26776

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Chaty Pro versions n/a through 3.3.3

Description: The issue affects Chaty Pro and allows an attacker to upload malicious files that can be used to take control of a website. The cause is an Unrestricted Upload of File with Dangerous Type vulnerability, which enables the upload of a web shell to a web server. Thousands of WordPress sites are exposed to takeover. The estimated number of potentially affected users worldwide is over 18,000.

Recommendations: For Chaty Pro versions n/a through 3.3.3, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to the plugin to minimize the risk of takeover. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2025-26776

Affected Products: Notfound Chaty Pro