WordPress Plugin Vulnerabilities

Live Chat Unlimited <= 2.8.3 - Stored Cross-Site Scripting (XSS)

Description

Weak security measures like bad input field data filtering has been discovered in the 'Live Chat Unlimited'.

Proof of Concept

Affects Plugins

Plugin icon
screets-lcx
Fixed in 2.8.4

References

Exploitdb
47037
URL
https://codecanyon.net/item/wordpress-live-chat-plugin/3952877

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher
m0ze
Submitter
m0ze
Submitter twitter
m0ze_ru
Verified
No
WPVDB ID
5b22fa8d-7ee7-494b-950f-34c19e6fe99f

Timeline

Publicly Published
2019-06-26 (about 6 years ago)
Added
2019-07-02 (about 6 years ago)
Last Updated
2021-01-19 (about 5 years ago)

Other

Published
Title
Published
2024-09-30
Title
Custom Banners <= 3.3 - Reflected Cross-Site Scripting
Published
2024-11-22
Title
HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents < 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-08-14
Title
DigitalOcean Spaces Sync <= 2.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2023-01-18
Title
MainWP Code Snippets Extension < 4.0.3 - Subscriber+ Stored XSS
Published
2024-02-27
Title
CodeMirror Blocks < 2.0.0 - Contributor+ Stored XSS