485 matches found
ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting
A cross-site scripting vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. id: CVE-2011-5181 info: name: ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripti...
Steveas WP Live Chat Shoutbox <= 1.4.2 - SQL Injection
The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. id: CVE-2023-1020 info: name: Steveas WP Live Chat Shoutbox = 1.4.2 - SQL...
WP Live Chat Support <= 8.0.27 — Stored Cross-Site Scripting
wp-live-chat-support plugin before 8.0.27 for WordPress contains a reflected cross-site scripting caused by insufficient sanitization in the GDPR page, letting attackers execute arbitrary scripts in the context of the victim's browser, exploit requires victim to visit a malicious page. id:...
CVE-2026-49082
Subscriber Sensitive Data Exposure in Chatway Live Chat AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons = 1.4.8 versions...
CVE-2026-49082
CVE-2026-49082 affects the WordPress plugin Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons (versions ≤ 1.4.8). The connected sources describe a Sensitive Data Exposure vulnerability in this plugin, with CVSSv3.1 base score 7.4 (HIGH) and network a...
CVE-2026-49082 WordPress Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons plugin <= 1.4.8 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in Chatway Live Chat AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons = 1.4.8 versions...
CVE-2026-49082 WordPress Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons plugin <= 1.4.8 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in Chatway Live Chat AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons = 1.4.8 versions...
EUVD-2026-36878
Subscriber Sensitive Data Exposure in Chatway Live Chat AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons = 1.4.8 versions...
PT-2026-49140
Name of the Vulnerable Software and Affected Versions Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons versions prior to 1.4.9 Description An issue exists that leads to the exposure of sensitive subscriber data. Recommendations Update to a version...
WordPress Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons plugin <= 1.4.8 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by dodoh4t in WordPress Plugin Chatway Live Chat AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons versions = 1.4.8...
EUVD-2019-20173
Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit payloads containing script tags and event handlers that execute in the admin area, enabling cookie...
CVE-2019-25737 Live Chat Unlimited 2.8.3 Stored Cross-Site Scripting
Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit payloads containing script tags and event handlers that execute in the admin area, enabling cookie...
CVE-2019-25737 Live Chat Unlimited 2.8.3 Stored Cross-Site Scripting
Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit payloads containing script tags and event handlers that execute in the admin area, enabling cookie...
CVE-2019-25737
CVE-2019-25737 affects Live Chat Unlimited 2.8.3. The issue is a stored cross-site scripting (XSS) vulnerability in the chat input field that allows unauthenticated attackers to submit payloads with script tags and event handlers. These scripts can execute in the admin area, enabling cookie theft...
CVE-2019-25737
Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit payloads containing script tags and event handlers that execute in the admin area, enabling cookie...
PT-2026-46207
Name of the Vulnerable Software and Affected Versions Live Chat Unlimited version 2.8.3 Description A stored cross-site scripting issue allows unauthenticated attackers to inject malicious scripts via the chat input field. By submitting payloads containing script tags and event handlers, attacker...
WordPress plugin Live Chat Unlimited 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin HubSpot All-In-One Marketing - Forms, Popups, Live Chat 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Fake Avast Website Targets Users With €499 Phishing Refund Scam
Fraudsters clone Avast’s website to target French users with a €499 phishing scam, using urgency tactics, live chat, and card validation to steal payment data...
Refund scam impersonates Avast to harvest credit card details
A fraudulent website dressed in Avast’s brand is tricking French-speaking users into handing over their full credit card details—card number, expiry date, and three-digit security code—under the cover story of processing a €499.99 refund that was never owed to them. The operation combines live ch...