WordPress Plugin Vulnerabilities

WP Live Chat Support < 8.0.27 - Unauthenticated Stored XSS

Description

The 3CX Live Chat WordPress plugin was affected by an Unauthenticated Stored XSS security vulnerability.

Affects Plugins

Plugin icon
wp-live-chat-support
Fixed in 8.0.27

References

CVE
CVE-2019-14950
URL
https://blog.sucuri.net/2019/05/persistent-cross-site-scripting-in-wp-live-chat-support-plugin.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
John Castro (Sucuri.net)
Submitter
Ryan Dewhurst
Submitter website
https://wpscan.io
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
bf214e77-1bc4-4ec2-8812-685cdcf98a77

Timeline

Publicly Published
2019-05-15 (about 7 years ago)
Added
2019-05-17 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
JS MultiHotel 2.2.1 - refreshDate.php roomid Parameter Reflected XSS
Published
2024-09-09
Title
Starbox < 3.5.3 - Contributor+ Stored XSS
Published
2024-12-24
Title
WP2LEADS < 3.3.4 - Reflected Cross-Site Scripting
Published
2020-12-26
Title
LiteSpeed Cache < 3.6.1 - Authenticated Stored Cross-Site Scripting
Published
2025-10-08
Title
NS Maintenance Mode for WP <= 1.3.1 - Admin+ Stored XSS