13 matches found
CVE-2019-11185
The CVE-2019-11185 entry affects the WordPress WP Live Chat Support Pro plugin up to version 8.0.26. The vulnerability is an arbitrary file upload in the REST API endpoint remote_upload, caused by an incomplete patch for CVE-2018-12426. An unauthenticated attacker can bypass MIME checks by using ...
CVE-2019-12498
The CVE-2019-12498 entry affects the WordPress WP Live Chat Support plugin, where versions prior to 8.0.33 allow unauthenticated REST API access because the wplc_api_permission_check protection is not invoked. Public sources (NVD, Red Hat, CVE lists) describe this as an API-authentication bypass ...
CVE-2018-12426
The CVE-2018-12426 entry concerns the WP Live Chat Support Pro WordPress plugin prior to version 8.0.07, vulnerable to unauthenticated remote code execution via crafted file uploads. Root cause per connected docs: the plugin validates file types on the client side and uses MIME checks that can be...
CVE-2017-2187
CVE-2017-2187 describes a cross-site scripting vulnerability in WordPress plugin WP Live Chat Support prior to version 7.0.07 . The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The affected component is the plugin’s frontend handling which can exec...
CVE-2018-11105
CVE-2018-11105 describes a stored cross-site scripting (XSS) vulnerability in the WordPress WP Live Chat Support plugin for versions prior to 8.0.08. The flaw allows injection via the name (wplc_name) and email (wplc_email) fields to the API endpoint /wp-json/wp_live_chat_support/v1/start_chat wh...
CVE-2016-10879
CVE-2016-10879 concerns the WordPress plugin wp-live-chat-support prior to version 6.2.02, which is reported to be vulnerable to cross-site scripting (XSS). The available connected sources describe the issue as caused by a lack of proper validation of client-side data in the plugin, enabling pote...
CVE-2017-18507
CVE-2017-18507 affects the WordPress plugin "wp-live-chat-support" prior to version 7.1.05. The vulnerability is described as a cross-site scripting (XSS) issue in the plugin, allowing an attacker to execute client-side code. The root cause is not explicitly detailed in the provided documents bey...
CVE-2014-10386
The vulnerability CVE-2014-10386 affects the WordPress wp-live-chat-support plugin prior to version 4.1.0 and involves JavaScript injections. Affected software: wp-live-chat-support plugin for WordPress. Root cause: improper handling of input allowing injection of JavaScript into the plugin’s con...
CVE-2018-9864
CVE-2018-9864 affects the WP Live Chat Support plugin for WordPress (older than 8.0.06). The vulnerability is a stored XSS in the Name field (wplc_name) that could be triggered via wp_json/wp_live_chat_support/v1/start_chat when initiating a chat. Public records show CVSS2 base 4.3 (MEDIUM) and C...
CVE-2017-18508
The wp-live-chat-support WordPress plugin is vulnerable to Cross-Site Scripting (XSS) in all versions prior to 7.1.03. The issue stems from improper validation of client-side data, enabling an attacker to execute arbitrary script in a victim’s browser. Remediation: upgrade to version 7.1.03 or la...
CVE-2019-14950
The wp-live-chat-support plugin for WordPress is affected by an XSS flaw in the GDPR page for versions prior to 8.0.27. The issue arises from insufficient sanitization, enabling execution of arbitrary scripts in the victim’s browser (per 2019 CVE entry and corroborated by the 2025–2026 connected ...
CVE-2018-18460
CVE-2018-18460 affects the WordPress plugin wp-live-chat-support version 8.0.15 . The vulnerability is a Cross-Site Scripting (XSS) flaw in the file modules/gdpr.php that can be triggered via the parameter term in requests to the admin endpoint /wp-admin/admin.php on the page wplivechat-menu-gdpr...
CVE-2019-9913
The CVE-2019-9913 entry concerns the WordPress plugin WP Live Chat Support (wp-live-chat-support) prior to version 8.0.18. The vulnerability is a cross-site scripting (XSS) flaw triggered via the term parameter in the admin page at wp-admin/admin.php?page=wplivechat-menu-gdpr-page. The available ...