AhaChat Messenger Marketing: Passwords Can Be Recovered Without Permission

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.5

AhaChat Messenger Marketing: Passwords Can Be Recovered Without Permission

CVE-2025-68895

Summary

A security issue exists in AhaChat Messenger Marketing, a software used for marketing. If not addressed, attackers could potentially recover passwords without the user's consent, potentially leading to unauthorized access to accounts. Update to the latest version of AhaChat Messenger Marketing to fix this issue.

Original title

Authentication Bypass Using an Alternate Path or Channel vulnerability in ahachat AhaChat Messenger Marketing ahachat-messenger-marketing allows Password Recovery Exploitation.This issue affects Ah...

Original description

nvd CVSS3.1 6.5

Vulnerability type

CWE-288 Authentication Bypass Using Alternate Path

https://patchstack.com/database/Wordpress/Plugin/ahachat-messenger-marketing/vul...

Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026