WP Live Chat Support < 7.0.07 – Cross-Site Scripting (XSS) | CVE 2017-2187

Affects Plugins

wp-live-chat-support

Fixed in 7.0.07

References

CVE

CVE-2017-2187

URL

https://rastating.github.io/wp-live-chat-support-7-0-06-reflected-xss

URL

https://plugins.trac.wordpress.org/changeset/1658232/

URL

https://jvn.jp/en/jp/JVN70951878/index.html

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

1074194e-3b81-4d7b-8745-c93cdba3afaa

Timeline

Publicly Published

2017-06-01 (about 9 years ago)

Added

2017-06-12 (about 8 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2023-08-18

Title

WPPizza < 3.17.2 - Reflected XSS

Published

2026-02-18

Title

Official StatCounter Plugin < 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Nickname

Published

2021-12-28

Title

WOOF - Products Filter for WooCommerce < 1.2.6.3 - Reflected Cross-Site Scripting

Published

2025-04-16

Title

Checkout for PayPal < 1.0.39 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-07-15

Title

ProfileGrid – User Profiles, Groups and Communities < 5.9.5.5 - Reflected Cross-Site Scripting via 'pm_get_messenger_notification' function