13 matches found
EUVD-2025-22733
Malicious code in bioql PyPI...
CVE-2025-45960
Cross Site Scripting vulnerability in tawk.to Live Chat v.1.6.1 allows a remote attacker to execute arbitrary code via the web application stores and displays user-supplied input without proper input validation or encoding...
CVE-2025-45960
Cross Site Scripting vulnerability in tawk.to Live Chat v.1.6.1 allows a remote attacker to execute arbitrary code via the web application stores and displays user-supplied input without proper input validation or encoding...
CVE-2025-45960
Cross Site Scripting vulnerability in tawk.to Live Chat v.1.6.1 allows a remote attacker to execute arbitrary code via the web application stores and displays user-supplied input without proper input validation or encoding...
PT-2025-30900 · Unknown · Tawk.To Live Chat
Name of the Vulnerable Software and Affected Versions: tawk.to Live Chat version 1.6.1 Description: A Cross Site Scripting issue exists in tawk.to Live Chat. The web application stores and displays user-supplied input without proper input validation or encoding, potentially allowing a remote...
CVE-2025-45960
CVE-2025-45960 – tawk.to Live Chat v1.6.1 exposes a cross-site scripting vulnerability where user-supplied input is not properly validated or encoded in the web app, allowing a remote attacker to execute arbitrary code. The CVE entry and multiple sources (Red Hat, NVD, CVE List) confirm the issue...
CVE-2025-45960
Cross Site Scripting vulnerability in tawk.to Live Chat v.1.6.1 allows a remote attacker to execute arbitrary code via the web application stores and displays user-supplied input without proper input validation or encoding...
tawk.to Live Chat 安全漏洞
tawk.to Live Chat is an online chat software from the US-based company tawk.to. A security vulnerability exists in tawk.to Live Chat version 1.6.1, which stems from insufficient input validation and could lead to cross-site scripting...
WordPress Tawk.To Live Chat Plugin < 0.6.0 Broken Access Control Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tawk:tawk.tolivechat"; if description...
WordPress Tawk.To Live Chat plugin cross-site request forgery vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. WordPress Tawk.To Live Chat plugin in versions prior to 0.6.0 suffers from a cross-site request forgery...
CVE-2021-24914
The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in the tawktosetwidget and tawktoremovewidget AJAX actions, available to any authenticated user. The first one allows low-privileged users including simple subscribers to change the...
Cross site request forgery (csrf)
The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in the tawktosetwidget and tawktoremovewidget AJAX actions, available to any authenticated user. The first one allows low-privileged users including simple subscribers to change the...
PT-2021-16364 · WordPress · Tawk.To Live Chat
Name of the Vulnerable Software and Affected Versions: Tawk.To Live Chat WordPress plugin versions prior to 0.6.0 Description: The issue concerns the lack of capability and CSRF checks in the tawkto setwidget and tawkto removewidget AJAX actions, which are available to any authenticated user. Thi...