CVE-2026-39967

TypeBot (versions ≤ 3.15.2) suffers a missing typebotId filter in its findResult query, allowing an authenticated user to load result data (answers, variable values, hasStarted flag) from another typebot by supplying a foreign resultId to the startChat endpoint. Exploitation is limited by cryptog...

WordPress wp-live-chat-support plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. wp-live-chat-support plugin is used in one of the live chat plugin. A cross-site scripting vulnerability exists i...