3cx: >> Live Chat Security Vulnerabilities
There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to wp-json/wp_live_chat_support/v1/start_chat whenever a malicious attacker would initiate a new chat with an administrator. NOTE: this issue exists because of an incomplete fix for CVE-2018-9864.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-05-15
The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-04-09
Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-06-09
Page 2