CVE-2026-39967

TypeBot (versions ≤ 3.15.2) suffers a missing typebotId filter in its findResult query, allowing an authenticated user to load result data (answers, variable values, hasStarted flag) from another typebot by supplying a foreign resultId to the startChat endpoint. Exploitation is limited by cryptog...

WordPress wp-live-chat-support plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. wp-live-chat-support plugin is used in one of the live chat plugin. A cross-site scripting vulnerability exists i...

CVE-2018-11105

There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" aka wplcname and "email" aka wplcemail input fields to wp-json/wplivechatsupport/v1/startchat whenever a malicious attacker would initiate a new chat with an administrator. NOTE: thi...

PT-2018-10311 · WordPress · Wp-Live-Chat-Support

Name of the Vulnerable Software and Affected Versions: wp-live-chat-support plugin versions prior to 8.0.08 Description: The issue is related to stored cross-site scripting in the wp-live-chat-support plugin for WordPress. This occurs via the name aka wplc name and email aka wplc email input fiel...