WordPress Plugin Vulnerabilities

WP Live Chat Support < 6.2.02 - Stored Cross-Site Scripting

Description

The 3CX Live Chat WordPress plugin was affected by a Stored Cross-Site Scripting security vulnerability.

Affects Plugins

Plugin icon
wp-live-chat-support
Fixed in 6.2.02

References

CVE
CVE-2016-10879
URL
https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_wp_live_chat_support_plugin.html
URL
https://seclists.org/fulldisclosure/2016/Jul/24

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
firefart
Submitter website
https://firefart.at/
Submitter twitter
_FireFart_
Verified
No
WPVDB ID
d6daabea-5e19-4c20-b13a-5d34f6f3a0eb

Timeline

Publicly Published
2016-07-11 (about 9 years ago)
Added
2016-07-11 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-07-17
Title
Quiz And Survey Master < 8.1.11 - Contributor+ Stored XSS
Published
2016-11-08
Title
Quotes Collection <= 2.0.5 - Reflected Cross-Site Scripting (XSS)
Published
2021-09-08
Title
simpleSAMLphp Authentication <= 0.7.0 - Reflected Cross-Site Scripting
Published
2025-09-10
Title
Resca < 3.0.3 - Reflected Cross-Site Scripting
Published
2023-05-15
Title
Survey Maker < 3.4.7 - Reflected XSS