Lucene search
K
3cxLive Chat

13 matches found

CVE
CVE
added 2019/06/03 8:34 p.m.161 views

CVE-2019-11185

The CVE-2019-11185 entry affects the WordPress WP Live Chat Support Pro plugin up to version 8.0.26. The vulnerability is an arbitrary file upload in the REST API endpoint remote_upload, caused by an incomplete patch for CVE-2018-12426. An unauthenticated attacker can bypass MIME checks by using ...

9.8CVSS9.4AI score0.04349EPSS
CVE
CVE
added 2020/03/20 6:37 p.m.154 views

CVE-2019-12498

The CVE-2019-12498 entry affects the WordPress WP Live Chat Support plugin, where versions prior to 8.0.33 allow unauthenticated REST API access because the wplc_api_permission_check protection is not invoked. Public sources (NVD, Red Hat, CVE lists) describe this as an API-authentication bypass ...

9.8CVSS9.5AI score0.01995EPSS
CVE
CVE
added 2018/07/02 5:0 p.m.70 views

CVE-2018-12426

The CVE-2018-12426 entry concerns the WP Live Chat Support Pro WordPress plugin prior to version 8.0.07, vulnerable to unauthenticated remote code execution via crafted file uploads. Root cause per connected docs: the plugin validates file types on the client side and uses MIME checks that can be...

9.8CVSS9.6AI score0.05062EPSS
Web
CVE
CVE
added 2017/06/09 4:0 p.m.66 views

CVE-2017-2187

CVE-2017-2187 describes a cross-site scripting vulnerability in WordPress plugin WP Live Chat Support prior to version 7.0.07 . The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The affected component is the plugin’s frontend handling which can exec...

6.1CVSS6AI score0.01293EPSS
CVE
CVE
added 2018/05/15 3:0 p.m.66 views

CVE-2018-11105

CVE-2018-11105 describes a stored cross-site scripting (XSS) vulnerability in the WordPress WP Live Chat Support plugin for versions prior to 8.0.08. The flaw allows injection via the name (wplc_name) and email (wplc_email) fields to the API endpoint /wp-json/wp_live_chat_support/v1/start_chat wh...

6.1CVSS6.1AI score0.01098EPSS
Web
CVE
CVE
added 2019/08/12 2:44 p.m.65 views

CVE-2016-10879

CVE-2016-10879 concerns the WordPress plugin wp-live-chat-support prior to version 6.2.02, which is reported to be vulnerable to cross-site scripting (XSS). The available connected sources describe the issue as caused by a lack of proper validation of client-side data in the plugin, enabling pote...

6.1CVSS6.4AI score0.0093EPSS
CVE
CVE
added 2019/08/13 4:34 p.m.65 views

CVE-2017-18507

CVE-2017-18507 affects the WordPress plugin "wp-live-chat-support" prior to version 7.1.05. The vulnerability is described as a cross-site scripting (XSS) issue in the plugin, allowing an attacker to execute client-side code. The root cause is not explicitly detailed in the provided documents bey...

6.1CVSS6.4AI score0.00915EPSS
CVE
CVE
added 2019/08/22 7:5 p.m.63 views

CVE-2014-10386

The vulnerability CVE-2014-10386 affects the WordPress wp-live-chat-support plugin prior to version 4.1.0 and involves JavaScript injections. Affected software: wp-live-chat-support plugin for WordPress. Root cause: improper handling of input allowing injection of JavaScript into the plugin’s con...

6.1CVSS6.4AI score0.00913EPSS
CVE
CVE
added 2018/04/09 5:0 p.m.62 views

CVE-2018-9864

CVE-2018-9864 affects the WP Live Chat Support plugin for WordPress (older than 8.0.06). The vulnerability is a stored XSS in the Name field (wplc_name) that could be triggered via wp_json/wp_live_chat_support/v1/start_chat when initiating a chat. Public records show CVSS2 base 4.3 (MEDIUM) and C...

6.1CVSS5.9AI score0.0137EPSS
CVE
CVE
added 2019/08/12 2:49 p.m.61 views

CVE-2017-18508

The wp-live-chat-support WordPress plugin is vulnerable to Cross-Site Scripting (XSS) in all versions prior to 7.1.03. The issue stems from improper validation of client-side data, enabling an attacker to execute arbitrary script in a victim’s browser. Remediation: upgrade to version 7.1.03 or la...

6.1CVSS6.4AI score0.00933EPSS
CVE
CVE
added 2019/08/12 2:50 p.m.60 views

CVE-2019-14950

The wp-live-chat-support plugin for WordPress is affected by an XSS flaw in the GDPR page for versions prior to 8.0.27. The issue arises from insufficient sanitization, enabling execution of arbitrary scripts in the victim’s browser (per 2019 CVE entry and corroborated by the 2025–2026 connected ...

6.1CVSS6AI score0.01211EPSS
CVE
CVE
added 2018/10/18 6:0 a.m.55 views

CVE-2018-18460

CVE-2018-18460 affects the WordPress plugin wp-live-chat-support version 8.0.15 . The vulnerability is a Cross-Site Scripting (XSS) flaw in the file modules/gdpr.php that can be triggered via the parameter term in requests to the admin endpoint /wp-admin/admin.php on the page wplivechat-menu-gdpr...

6.1CVSS6AI score0.01022EPSS
Web
CVE
CVE
added 2019/03/21 11:1 p.m.54 views

CVE-2019-9913

The CVE-2019-9913 entry concerns the WordPress plugin WP Live Chat Support (wp-live-chat-support) prior to version 8.0.18. The vulnerability is a cross-site scripting (XSS) flaw triggered via the term parameter in the admin page at wp-admin/admin.php?page=wplivechat-menu-gdpr-page. The available ...

6.1CVSS6.3AI score0.01377EPSS
Web