CVE-2018-9864
Published 2018-04-09
CVE-2018-9864: The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field.
Priority P425 · medium · 6.1 · CVSS 3.0
AV:N · AC:L · PR:N · UI:R · S:C · C:L · I:L · A:N
EPSS: 1.37% (68.5th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 3cx | live_chat | < 8.0.06 | 8.0.06 |
| 3cx | live_chat | < 8.0.08 | 8.0.08 |
CVSS provenance
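| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |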
GHSA
GHSA-8qw3-4qpj-p88r: There is stored cross site scripting in the wp-live-chat-support plugin before 8
ghsa_unreviewed·2022-05-14·CVSS 6.1
CVE-2018-11105 [MEDIUM] CWE-79 GHSA-8qw3-4qpj-p88r: There is stored cross site scripting in the wp-live-chat-support plugin before 8
There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to wp-json/wp_live_chat_support/v1/start_chat whenever a malicious attacker would initiate a new chat with an administrator. NOTE: this issue exists because of an incomplete fix for CVE-2018-9864.
GHSA
GHSA-542f-58pj-42gq: The WP Live Chat Support plugin before 8
ghsa_unreviewed·2022-05-14
CVE-2018-9864 [MEDIUM] CWE-79 GHSA-542f-58pj-42gq: The WP Live Chat Support plugin before 8
The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://wordpress.org/plugins/wp-live-chat-support/#developers
https://www.gubello.me/blog/wp-live-chat-support-8-0-05-stored-xss/
https://www.youtube.com/watch?v=eHG1pWaez9w
Published: 2018-04-09