Page 2 of 14 results (0.015 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS. El plugin wp-live-chat-support, en versiones anteriores a la 8.0.18 para WordPress, tiene Cross-Site Scripting (XSS) en term en wp-admin/admin.php?page=wplivechat-menu-gdpr-page. WordPress WP Live Chat plugin version 8.0.18 suffers from a cross site scripting vulnerability. • http://seclists.org/fulldisclosure/2019/Mar/42 https://lists.openwall.net/full-disclosure/2019/02/05/14 https://security-consulting.icu/blog/2019/02/wordpress-wp-livechat-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1

The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type. El plugin WP Live Chat Support Pro en versiones anteriores a la 8.0.07 para WordPress es vulnerable a la ejecución remota de código no autenticado debido a la validación del lado del cliente de los tipos de archivo permitidos. Esto queda demostrado por una petición v1/remote_upload con un nombre de archivo .php y el tipo de contenido image/jpeg. • https://github.com/CodeCabin/wp-live-chat-support/blob/master/readme.txt https://github.com/RiieCco/write-ups/tree/master/CVE-2018-12426 https://wpvulndb.com/vulnerabilities/9697 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to wp-json/wp_live_chat_support/v1/start_chat whenever a malicious attacker would initiate a new chat with an administrator. NOTE: this issue exists because of an incomplete fix for CVE-2018-9864. Hay Cross-Site Scripting (XSS) persistente en el plugin wp-live-chat-support en versiones anteriores a la 8.0.08 para WordPress mediante los campos de entrada "name" (wplc_name) y "email" (wplc_email) en wp-json/wp_live_chat_support/v1/start_chat cuando un atacante malicioso inicie una nueva conversación con un administrador. NOTA: este problema existe debido a una solución incompleta para CVE-2018-9864. • https://github.com/RiieCco/write-ups/tree/master/CVE-2018-11105 https://wordpress.org/plugins/wp-live-chat-support/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field. El plugin WP Live Chat Support en versiones anteriores a la 8.0.06 para WordPress tiene XSS mediante el campo Name. • https://wordpress.org/plugins/wp-live-chat-support/#developers https://www.gubello.me/blog/wp-live-chat-support-8-0-05-stored-xss https://www.youtube.com/watch?v=eHG1pWaez9w • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS. El plugin wp-live-chat-support anterior de 7.1.05 para WordPress tiene XSS. • https://wordpress.org/plugins/wp-live-chat-support/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •