MxChat Vulnerability

MEDIUM (5.3) No Patch (11 days)

Threat Intelligence

High Risk - Exploits exist
EPSS Score: 0.05% chance of exploitation (percentile: 15%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: GitHub PoC

What is it?

MxChat is an AI chatbot plugin for WordPress, used by some WordPress websites to enhance user experience. This vulnerability allows attackers to extract sensitive information from the chat system, potentially leading to unauthorized access to conversation data.

Am I affected?

Specific version information is not stated in the advisory.

Affected Products

Microsoft / MxChat

How to fix

To fix this vulnerability:

  1. Update your MxChat plugin to version 2.5.6 or later.
  2. If you cannot update immediately, apply these mitigations:
    • Restrict network access to your MxChat instance (firewall it from the public internet).
    • Monitor for suspicious activity related to file uploads and chat sessions.