threat
engine
.sh
Back
·
··:··
Home
/
Product
/
3cx live chat
Product
3cx live chat
17 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2023-49821
<= 4.5.15
Cross-Site Request Forgery (CSRF) vulnerability in LiveChat - WP live chat plugin for WordPress.This issue affects LiveCh
5.4
MEDIUM
CVE-2023-23727
< 1.3.1
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Formilla Live Chat by Formilla plugin <= 1.3 versions.
5.9
MEDIUM
CVE-2022-21830
< 1.9.0
A blind self XSS vulnerability exists in RocketChat LiveChat <v1.9 that could allow an attacker to trick a victim pasting maliciou
6.1
MEDIUM
CVE-2019-12498
< 8.0.33
The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permissio
9.8
CRITICAL
CVE-2014-10386
< 4.1.0
The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.
6.1
MEDIUM
CVE-2017-18507
< 7.1.05
The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS.
6.1
MEDIUM
CVE-2019-14950
< 8.0.27
The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page.
6.1
MEDIUM
CVE-2017-18508
< 7.1.03
The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS.
6.1
MEDIUM
CVE-2016-10879
< 6.2.02
The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS.
6.1
MEDIUM
CVE-2019-11185
< 8.0.26
The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results fro
9.8
CRITICAL
CVE-2019-9913
< 8.0.18
The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS.
6.1
MEDIUM
CVE-2018-18460
all versions
XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.ph
6.1
MEDIUM
CVE-2018-12426
< 8.0.07
The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to clie
9.8
CRITICAL
CVE-2018-11105
< 8.0.08
There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name)
6.1
MEDIUM
CVE-2018-9864
< 8.0.06
The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field.
6.1
MEDIUM
CVE-2017-2187
<= 7.0.06
Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web
6.1
MEDIUM
CVE-2004-2566
all versions
Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld products, possibly including (1) LiveForum, (2) LiveQ&A, (3) Live
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin