ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WP Live Chat Support plugin <= 8.0.26 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Product
WP Live Chat Support
Description
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability found by John Castro (Sucuri) in WordPress WP Live Chat Support plugin (versions <= 8.0.26).
Solution
21 May 2019 - This plugin has been closed for new installations.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 8.0.26
Disclosure date
2019-05-21
Credits
John Castro (Sucuri)
Submitter
ThreatPress