Live Chat Security Vulnerabilities and Issues — Live Chat CVE List

Lucene search

3cxLive Chat

13 matches found

CVE•added 2019/06/03 9:29 p.m.•132 views

CVE-2019-11185

The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjunction with a whitelisted file e...

9.8CVSS9.4AI score0.1059EPSS

CVE•added 2020/03/20 7:15 p.m.•132 views

CVE-2019-12498

The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism.

9.8CVSS9.5AI score0.00843EPSS

CVE•added 2017/06/09 4:29 p.m.•54 views

CVE-2017-2187

Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1CVSS6AI score0.00286EPSS

CVE•added 2018/07/02 5:29 p.m.•52 views

CVE-2018-12426

The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type.

9.8CVSS9.6AI score0.1059EPSS

CVE•added 2019/08/13 5:15 p.m.•50 views

CVE-2017-18507

The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS.

6.1CVSS6.4AI score0.0021EPSS

CVE•added 2019/08/22 8:15 p.m.•48 views

CVE-2014-10386

The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.

6.1CVSS6.4AI score0.0019EPSS

CVE•added 2019/08/12 3:15 p.m.•48 views

CVE-2016-10879

The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS.

6.1CVSS6.4AI score0.00439EPSS

CVE•added 2018/05/15 3:29 p.m.•48 views

CVE-2018-11105

There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to wp-json/wp_live_chat_support/v1/start_chat whenever a malicious attacker would initiate a new chat with an administrator. N...

6.1CVSS6.1AI score0.00401EPSS

CVE•added 2018/04/09 5:29 p.m.•47 views

CVE-2018-9864

The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field.

6.1CVSS5.9AI score0.0038EPSS

CVE•added 2019/08/12 3:15 p.m.•45 views

CVE-2017-18508

The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS.

6.1CVSS6.4AI score0.00487EPSS

CVE•added 2019/08/12 3:15 p.m.•44 views

CVE-2019-14950

The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page.

6.1CVSS6AI score0.00439EPSS

CVE•added 2019/03/22 12:29 a.m.•42 views

CVE-2019-9913

The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS.

6.1CVSS6.3AI score0.00243EPSS

CVE•added 2018/10/18 6:29 a.m.•35 views

CVE-2018-18460

XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request.

6.1CVSS6AI score0.00288EPSS