WP Live Chat Support <= 8.0.27 — Stored Cross-Site Scripting

wp-live-chat-support plugin before 8.0.27 for WordPress contains a reflected cross-site scripting caused by insufficient sanitization in the GDPR page, letting attackers execute arbitrary scripts in the context of the victim's browser, exploit requires victim to visit a malicious page. id:...

Steveas WP Live Chat Shoutbox <= 1.4.2 - SQL Injection

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. id: CVE-2023-1020 info: name: Steveas WP Live Chat Shoutbox = 1.4.2 - SQL...

ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting

A cross-site scripting vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. id: CVE-2011-5181 info: name: ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripti...

WordPress plugin HubSpot All-In-One Marketing - Forms, Popups, Live Chat 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Fake Avast Website Targets Users With €499 Phishing Refund Scam

Fraudsters clone Avast’s website to target French users with a €499 phishing scam, using urgency tactics, live chat, and card validation to steal payment data...

Refund scam impersonates Avast to harvest credit card details

A fraudulent website dressed in Avast’s brand is tricking French-speaking users into handing over their full credit card details—card number, expiry date, and three-digit security code—under the cover story of processing a €499.99 refund that was never owed to them. The operation combines live ch...

Bdtask Business Live Chat Software 跨站请求伪造漏洞

Bdtask Business Live Chat Software is an online meeting software developed by the Bangladeshi company Bdtask. Version 1.0 of Bdtask Business Live Chat Software has a cross-site request forgeing vulnerability. This vulnerability arises because attackers may be able to change user account roles...

CVE-2016-10879

The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS...

CVE-2019-18662

An issue was discovered in YouPHPTube through 7.7. User input passed through the livestreamcode POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php before being used to construct a SQL query. This can be exploited...

CVE-2019-11185

The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjunction with a whitelisted file...

CVE-2025-12751

The WSChat – WordPress Live Chat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resetsettings' AJAX endpoint in all versions up to, and including, 3.1.6. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2025-12751

CVE-2025-12751 (WSChat – WordPress Live Chat) ?The Wordfence intelligence entry confirms a vulnerability in the WSChat WordPress Live Chat plugin (versions up to and including 3.1.6): a missing capability check on the reset_settings AJAX endpoint allows authenticated users with Subscriber-level a...

EUVD-2025-60970

The Five9 Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'toolbar' attribute of the five9-chat shortcode in all versions up to, and including, 1.1.2. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-11829

The Five9 Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'toolbar' attribute of the five9-chat shortcode in all versions up to, and including, 1.1.2. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-11829

CVE-2025-11829 relates to the Five9 Live Chat plugin for WordPress. The WordPress plugin versions through 1.1.2 are vulnerable to Stored Cross-Site Scripting via the toolbar attribute in the [five9-chat] shortcode, due to insufficient input sanitization and output escaping. The Wordfence report (...

CVE-2025-11829 Five9 Live Chat <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Five9 Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'toolbar' attribute of the five9-chat shortcode in all versions up to, and including, 1.1.2. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-11829 Five9 Live Chat <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Five9 Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'toolbar' attribute of the five9-chat shortcode in all versions up to, and including, 1.1.2. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

WordPress Five9 Live Chat plugin <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Five9 Live Chat versions = 1.1.2...

PT-2025-46254

Name of the Vulnerable Software and Affected Versions Five9 Live Chat plugin for WordPress versions through 1.1.2 Description The Five9 Live Chat plugin for WordPress is susceptible to Stored Cross-Site Scripting through the toolbar attribute within the five9-chat shortcode. This occurs because o...

WordPress plugin Five9 Live Chat 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...