WP Live Chat Support <= 8.0.27 — Stored Cross-Site Scripting

wp-live-chat-support plugin before 8.0.27 for WordPress contains a reflected cross-site scripting caused by insufficient sanitization in the GDPR page, letting attackers execute arbitrary scripts in the context of the victim's browser, exploit requires victim to visit a malicious page. id:...

CVE-2019-11185

The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjunction with a whitelisted file...

EUVD-2016-1873

Malware in sbrugna...

EUVD-2018-21456

Malware in sbrugna...

EUVD-2018-3147

Malware in sbrugna...

EUVD-2018-10188

Malware in sbrugna...

EUVD-2019-19268

Malware in sbrugna...

EUVD-2017-9623

Malware in sbrugna...

EUVD-2017-11370

Malware in sbrugna...

EUVD-2017-9624

Malware in sbrugna...

EUVD-2025-17227

Malicious code in bioql PyPI...

CVE-2019-12498

The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplcapipermissioncheck protection mechanism...

CVE-2019-14950

The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page...

CVE-2017-18507

The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS...

CVE-2023-49821

CVE-2023-49821 is a CSRF vulnerability in the WordPress plugin LiveChat – WP Live Chat Plugin for WordPress (affected up to version 4.5.15). The issue stems from missing CSRF checks, enabling potential unauthorized actions by an attacker. Public references indicate the vulnerability exists in ver...

CVE-2023-1020 Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQLi

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVE-2023-0899

The CVE-2023-0899 entry concerns the Steveas WP Live Chat Shoutbox WordPress plugin (

WP-Live Chat by 3CX < 8.2.0 - Authenticated Stored Cross-Site Scripting

There is a Stored Cross-Site Scripting XSS in WP-Live Chat by 3CX v. 8.1.9 By 3CX within the Quick Response function. Due to the nature of this vulnerability, a malicious attack with access to a WordPress multisite and permissions to this plugin can craft a malformed JavaScript payload. PoC...

CVE-2019-12498

The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplcapipermissioncheck protection mechanism...

CVE-2019-12498

The CVE-2019-12498 entry affects the WordPress WP Live Chat Support plugin, where versions prior to 8.0.33 allow unauthenticated REST API access because the wplc_api_permission_check protection is not invoked. Public sources (NVD, Red Hat, CVE lists) describe this as an API-authentication bypass ...