WP Live Chat Support <= 8.0.27 — Stored Cross-Site Scripting

wp-live-chat-support plugin before 8.0.27 for WordPress contains a reflected cross-site scripting caused by insufficient sanitization in the GDPR page, letting attackers execute arbitrary scripts in the context of the victim's browser, exploit requires victim to visit a malicious page. id:...

CVE-2019-11185

The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjunction with a whitelisted file...

EUVD-2018-21456

Malware in sbrugna...

EUVD-2016-1873

Malware in sbrugna...

EUVD-2018-10188

Malware in sbrugna...

EUVD-2018-3147

Malware in sbrugna...

EUVD-2017-9624

Malware in sbrugna...

EUVD-2017-11370

Malware in sbrugna...

EUVD-2017-9623

Malware in sbrugna...

EUVD-2019-19268

Malware in sbrugna...

CVE-2019-12498

The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplcapipermissioncheck protection mechanism...

CVE-2019-14950

The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page...

CVE-2017-18507

The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS...

CVE-2022-2039

The Free Live Chat Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.11. This is due to missing nonce protection on the livesupportisettings function found in the /livesupporti.php file. This makes it possible for unauthenticated attacke...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating...

CVE-2023-51371

The CVE-2023-51371 entry concerns the WordPress Bit Assist Plugin (

WordPress Live Chat Support Plugin < 8.0.26 Arbitrary File Upload Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:3cx:livechat"; if description...

CVE-2022-2039 Free Live Chat Support <= 1.0.11 - Cross-Site Request Forgery to Cross-Site Scripting

The Free Live Chat Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.11. This is due to missing nonce protection on the livesupportisettings function found in the /livesupporti.php file. This makes it possible for unauthenticated attacke...

CVE-2022-2039

CVE-2022-2039 concerns the Free Live Chat Support plugin for WordPress, where a CSRF flaw stems from missing nonce protection in livesupporti_settings() (livesupporti.php). The affected range is up to and including 1.0.11 (some sources also reference 1.0.12). The vulnerability allows unauthentica...

PT-2022-14615 · WordPress · Free Live Chat Support

Name of the Vulnerable Software and Affected Versions: Free Live Chat Support plugin for WordPress versions up to, and including 1.0.11 Description: The issue is due to missing nonce protection on the livesupporti settings function found in the /livesupporti.php file. This allows unauthenticated...