WP Live Chat Support < 6.2.04 – Stored Cross-Site Scripting (XSS)

Affects Plugins

Fixed in 6.2.04

References

URL

https://seclists.org/fulldisclosure/2016/Aug/3

URL

https://sumofpwn.nl/advisory/2016/stored_cross_site_scripting_vulnerability_in_wp_live_chat_support_wordpress_plugin.html

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

5587dc18-d1f3-4c8b-820e-b9315165605f

Timeline

Publicly Published

2016-08-01 (about 9 years ago)

Added

2016-08-02 (about 9 years ago)

Last Updated

2020-03-21 (about 6 years ago)

Other

Published

Title

Published

2023-11-29

Title

Client Dash <= 2.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

Published

2023-09-12

Title

Funnelforms Free < 3.4 Unauthenticated Stored Cross-Site Scripting

Published

2024-05-06

Title

Image Hover Effects - Elementor Addon < 1.4.2 - Authenticated(Contributor+) DOM-based Stored Cross-Site Scripting via Image Hover Effects Widget

Published

2025-01-23

Title

ProfilePress < 4.15.20 - Admin+ Stored XSS

Published

2025-04-14

Title

Void Elementor WHMCS Elements For Elementor Page Builder <= 2.0.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting