Facebook-owned WhatsApp has fixed six previously undisclosed vulnerabilities in its chat platform. Some of the bugs were:

1) a URL-validation issue that caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction; and

2) an input-validation issue that could have allowed cross-site scripting if a user clicked on a link from a specially-crafted live location message. WhatsApp have patched these bugs as soon as they were discovered, and said that they will keep “with industry best practices” and conduct “necessary fixes”.

Reference: https://threatpost.com/whatsapp-discloses-6-bugs-dedicated-security-site/158962/