CVE-2022-27849: 
WordPress vulnerability analysis and mitigation

The Simple Ajax Chat WordPress plugin version 20220115 and earlier contains a Sensitive Information Disclosure vulnerability (CVE-2022-27849). The vulnerability was discovered and disclosed on April 15, 2022, affecting the plugin's data export functionality through the sac-export.csv file. This security issue allows unauthenticated users to access sensitive information that should be restricted (Patchstack, WPScan).

The vulnerability is classified as a Sensitive Data Exposure issue (CWE-200) with a CVSS score of 5.3 (medium severity). The security flaw exists in the plugin's export functionality, specifically in the sac-export.csv file, where the plugin fails to properly restrict access to exported data. This allows unauthenticated users to access potentially sensitive information (WPScan, Patchstack).

The vulnerability could allow malicious actors to view sensitive information that is normally not available to regular users. This exposed data could potentially be used to exploit other weaknesses in the system (Patchstack).

The vulnerability was fixed in version 20220216 of the Simple Ajax Chat plugin. Users are advised to update to this version or later to remediate the security issue. The fix prevents unauthorized access to the exported data file (Patchstack, WPScan).