ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WP Live Chat Support plugin <=8.0.07 - Authenticated Cross-Site Scripting (XSS) vulnerability

Product
WP Live Chat Support
Description
Authenticated Cross-Site Scripting (XSS) vulnerability found by Riccardo ten Cate in WordPress WP Live Chat Support plugin (versions <=8.0.07).
Solution
Update the WordPress WP Live Chat Support plugin to the latest available version (at least 8.0.08).
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Vulnerability information
Plugin changelog
CVE
Name CVE-2018-10234
Versions
Affected In <=8.0.07
Fixed In 8.0.08
Disclosure date
2018-05-17
Credits
Riccardo ten Cate
Submitter
ThreatPress