Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Livesupporti Subscribe
Filtered by product Free Live Chat Support
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-2039 1 Livesupporti 1 Free Live Chat Support 2022-07-25 N/A 8.8 HIGH
The Free Live Chat Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.11. This is due to missing nonce protection on the livesupporti_settings() function found in the ~/livesupporti.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site's administrator into performing an action such as clicking on a link.