AhaChat%20Messenger%20Marketing

AhaChat Messenger Marketing

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-68895

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-Not Assigned

EPSS-Not Assigned

Published-20 Feb, 2026 | 15:46

Updated-20 Feb, 2026 | 16:55

WordPress AhaChat Messenger Marketing plugin <= 1.1 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in ahachat AhaChat Messenger Marketing ahachat-messenger-marketing allows Password Recovery Exploitation.This issue affects AhaChat Messenger Marketing: from n/a through <= 1.1.

Vendor-ahachat

Product-AhaChat Messenger Marketing

CWE ID-CWE-288

Authentication Bypass Using an Alternate Path or Channel

CVE-2025-14316

Assigner-WPScan

View Details

Assigner-WPScan

CVSS Score-7.1||HIGH

EPSS-0.01% / 1.63%

7 Day CHG-0.02%

Published-26 Jan, 2026 | 06:00

Updated-26 Jan, 2026 | 15:16

AhaChat Messenger Marketing <= 1.1 - Reflected XSS

The AhaChat Messenger Marketing WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Vendor-Unknown

Product-AhaChat Messenger Marketing

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')