WordPress Plugin Vulnerabilities

WP Live Chat Support < 8.0.08 - Cross-Site Scripting (XSS)

Description

The 3CX Live Chat WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
wp-live-chat-support
Fixed in 8.0.08

References

CVE
CVE-2018-10234
URL
https://github.com/RiieCco/write-ups/tree/master/CVE-2018-11105
URL
https://plugins.trac.wordpress.org/changeset/1874093/wp-live-chat-support

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Submitter
Ryan
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
0df5c464-833e-4042-a9ec-ceeb72d49185

Timeline

Publicly Published
2018-05-15 (about 7 years ago)
Added
2018-05-16 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2021-04-16
Title
SEO Redirection < 7.1 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2022-02-07
Title
TaxoPress < 3.4.5 - Reflected Cross-Site Scripting
Published
2023-05-22
Title
Novelist < 1.2.1 - Admin+ Stored XSS
Published
2026-01-20
Title
NotificationX < 3.2.1 - Unauthenticated DOM-Based Cross-Site Scripting via 'nx-preview'
Published
2024-04-24
Title
Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More < 3.7.1 - Contributor+ Stored Cross-Site Scripting via Widget Post Overlay