Skip to main content

Live Chat

9 CVEs product

Monthly

CVE-2023-23727 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Live Chat
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2019-14950 MEDIUM POC This Month

The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Live Chat
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2019-11185 CRITICAL POC Act Now

The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Live Chat
NVD
CVSS 3.0
9.8
EPSS
4.3%
CVE-2019-9913 MEDIUM POC This Month

The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Live Chat
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-18460 MEDIUM POC This Month

XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Live Chat
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-12426 CRITICAL POC Act Now

The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE PHP Live Chat
NVD GitHub
CVSS 3.0
9.8
EPSS
5.1%
CVE-2018-11105 MEDIUM POC PATCH This Month

There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS Live Chat
NVD GitHub
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-9864 MEDIUM POC This Month

The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Live Chat
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2017-2187 MEDIUM This Month

Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Live Chat
NVD
CVSS 3.0
6.1
EPSS
0.3%
EPSS 0% CVSS 4.8
MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Live Chat
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Live Chat
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Live Chat
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP +1
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP +1
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE +2
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS Live Chat
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Live Chat
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Live Chat
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy