17 matches found
WordPress Smartsupp - live chat, AI shopping assistant and chatbots plugin <= 3.9.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
WordPress Smartsupp - live chat, AI shopping assistant and chatbots plugin = 3.9.1 - Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Smartsupp – live chat, chatbots, AI and lead generation versions = 3.9.1...
CVE-2025-12448
The Smartsupp – live chat, AI shopping assistant and chatbots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-12448
The Smartsupp – live chat, AI shopping assistant and chatbots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-12448 Smartsupp – live chat, AI shopping assistant and chatbots <= 3.9.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The Smartsupp – live chat, AI shopping assistant and chatbots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-12448 Smartsupp – live chat, AI shopping assistant and chatbots <= 3.9.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The Smartsupp – live chat, AI shopping assistant and chatbots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-12448
Smartsupp – live chat, AI shopping assistant and chatbots for WordPress (plugin) is vulnerable up to version 3.9.1 to a Stored Cross-Site Scripting via the 'code' parameter due to insufficient input sanitization and output escaping. The vulnerability allows authenticated attackers with Subscriber...
WordPress plugin Smartsupp – live chat, AI shopping assistant and chatbots 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-20582
Name of the Vulnerable Software and Affected Versions Smartsupp – live chat, AI shopping assistant and chatbots versions prior to 3.9.2 Description The Smartsupp – live chat, AI shopping assistant and chatbots plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to...
EUVD-2024-37080
Malicious code in bioql PyPI...
CVE-2024-38790
Cross-Site Request Forgery CSRF vulnerability in Smartsupp Smartsupp – live chat, chatbots, AI and lead generation smartsupp-live-chat allows Cross Site Request Forgery.This issue affects Smartsupp – live chat, chatbots, AI and lead generation: from n/a through = 3.6...
CVE-2024-38790
Cross-Site Request Forgery CSRF vulnerability in Smartsupp Smartsupp – live chat, chatbots, AI and lead generation smartsupp-live-chat allows Cross Site Request Forgery.This issue affects Smartsupp – live chat, chatbots, AI and lead generation: from n/a through = 3.6...
CVE-2024-38790 WordPress Smartsupp plugin <= 3.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Smartsupp Smartsupp – live chat, chatbots, AI and lead generation smartsupp-live-chat allows Cross Site Request Forgery.This issue affects Smartsupp – live chat, chatbots, AI and lead generation: from n/a through = 3.6...
CVE-2024-38790
CVE-2024-38790 is a CSRF vulnerability in the WordPress plugin Smartsupp – live chat, chatbots, AI and lead generation, affecting versions up to 3.6. Root cause: CSRF flaw enabling unauthorized state-changing requests. Impact per provided data: confidentiality and availability remain unaffected; ...
CVE-2024-38790 WordPress Smartsupp plugin <= 3.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Smartsupp Smartsupp – live chat, chatbots, AI and lead generation allows Cross Site Request Forgery.This issue affects Smartsupp – live chat, chatbots, AI and lead generation: from n/a through 3.6...
WordPress plugin Smartsupp 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...
WordPress Smartsupp plugin <= 3.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Smartsupp – live chat, chatbots, AI and lead generation versions = 3.6...
WordPress Smartsupp – live chat, chatbots, AI and lead generation Plugin <= 3.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software Smartsupp – live chat, chatbots, AI and lead generation Type Plugin Vulnerable versions = 3.6 Fixed in 3.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-38790 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID...