PT-2026-42078 · WordPress · Blogchat Chat System

Ibnu +1 · Published 2026-05-20 · Updated 2026-05-28 · CVE-2026-8420

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

BLOGCHAT Chat System versions prior to 1.3.6.4

Description

The BLOGCHAT Chat System plugin for WordPress contains a Cross-Site Request Forgery (CSRF) flaw. It is caused by missing or incorrect nonce validation on a function (a nonce is a security token used to ensure that a request was intentionally sent by the user). This allows unauthenticated attackers to update settings and inject malicious web scripts via a forged request, provided they can trick a site administrator into performing an action, such as clicking a link.

Recommendations

Update to a version newer than 1.3.6.3.
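
The kind of settings-save handler that closes this class of flaw, shown as an added example that is not the plugin's code or its actual patch. Every `examplechat_*` hook, option and field name is hypothetical; only the WordPress core functions are real.

```php
<?php
// Added illustration; all examplechat_* names are hypothetical, not from BLOGCHAT.

// Render the settings form with a nonce bound to this specific action.
function examplechat_render_settings_form() {
    $greeting = get_option( 'examplechat_greeting', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="examplechat_save_settings">
        <?php wp_nonce_field( 'examplechat_save_settings', 'examplechat_nonce' ); ?>
        <input type="text" name="examplechat_greeting" value="<?php echo esc_attr( $greeting ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Only the logged-in hook is registered; there is no admin_post_nopriv_ variant.
add_action( 'admin_post_examplechat_save_settings', 'examplechat_save_settings' );

function examplechat_save_settings() {
    // 1. Authorization: the caller must be allowed to change site options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. CSRF: dies unless the request carries a valid nonce for this action.
    //    A forged cross-site request cannot supply one.
    check_admin_referer( 'examplechat_save_settings', 'examplechat_nonce' );

    // 3. Input handling: strip tags before the value is stored, so a
    //    settings field cannot be used to persist script markup.
    $greeting = isset( $_POST['examplechat_greeting'] )
        ? sanitize_text_field( wp_unslash( $_POST['examplechat_greeting'] ) )
        : '';
    update_option( 'examplechat_greeting', $greeting );

    wp_safe_redirect( admin_url( 'options-general.php?page=examplechat' ) );
    exit;
}

// 4. Output: escape at render time as well, in case older stored values
//    predate the sanitization above.
function examplechat_greeting_html() {
    return esc_html( get_option( 'examplechat_greeting', '' ) );
}
```

The nonce check stops the forged request, while the sanitize-on-save and escape-on-output steps limit what a settings value can do if a request does get through.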

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2026-8420

Affected Products: Blogchat Chat System