CVE-2026-27370 PUBLISHED

WordPress Chaty plugin <= 3.5.1 - Sensitive Data Exposure vulnerability

Assigner: Patchstack
Reserved: 19.02.2026 Published: 05.03.2026 Updated: 05.03.2026

Insertion of Sensitive Information Into Sent Data vulnerability in Premio Chaty chaty allows Retrieve Embedded Sensitive Data.This issue affects Chaty: from n/a through <= 3.5.1.

Product Status

Vendor	Premio
Product	Chaty
Versions	Default: unaffected affected from n/a to <= 3.5.1 (incl.)

Credits

daroo | Patchstack Bug Bounty Program finder

References

https://patchstack.com/database/Wordpress/Plugin/chaty/vulnerability/wordpress-chaty-plugin-3-5-1-sensitive-data-exposure-vulnerability?_s_id=cve

Problem Types

Insertion of Sensitive Information Into Sent Data CWE

Impacts

Retrieve Embedded Sensitive Data