🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

3CX Free Live Chat, Calls & WhatsApp

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > 3CX Free Live Chat, Calls & WhatsApp

Information

Software Type	Plugin
Software Slug	wp-live-chat-support (view on wordpress.org)
Software Status	Active
Software Author	wp-livechat
Software Website	www.3cx.com
Software Downloads	2,968,222
Software Active Installs	40,000
Software Record Last Updated	May 14, 2024

15 Vulnerabilities

3CX Live Chat <= 9.4.2 - Local File Inclusion

8.8

CVE ID Unknown

Apr 28, 2022

Researcher: Moucadel Matthieu

WP Live Chat Support <= 8.1.9 - Stored Cross-Site Scripting

5.4

CVE ID Unknown

Jul 12, 2020

Researcher: Chevon Phillip

WP Live Chat Support <= 8.0.32 - Unprotected Functions

9.8

CVE-2019-12498

May 31, 2019

Researchers:

WP Live Chat Support <= 8.0.27 - Unauthenticated Stored Cross-Site Scripting

6.1

CVE-2019-14950

May 15, 2019

Researcher: John Castro

WP Live Chat Support <= 8.0.17 - Cross-Site Scripting

6.1

CVE-2019-9913

Feb 5, 2019

Researchers:

WP Live Chat Support <= 8.0.15 - Cross-Site Scripting

6.1

CVE-2018-18460

Oct 17, 2018

Researcher: rakjong

3CX Live Chat <= 8.0.07 - Cross-Site Scripting

6.1

CVE-2018-11105

Jul 2, 2018

Researcher: RiieCco

WP Live Chat Support <= 8.0.05 - Stored Cross-Site Scripting

6.1

CVE-2018-9864

Apr 9, 2018

Researcher: Luigi Gubello

WP Live Chat Support <= 7.1.04 - Cross-Site Scripting

6.1

CVE-2017-18507

Aug 2, 2017

Researcher: Omaid Faizyar

WP Live Chat Support <= 7.1.02 - Cross-Site Scripting

6.1

CVE-2017-18508

Jul 10, 2017

Researchers:

WP Live Chat Support <= 7.0.06 - Cross-Site Scripting

6.1

CVE-2017-2187

May 16, 2017

Researcher: Chris Liu

3CX Free Live Chat <= 6.2.03 - Unauthenticated Stored Cross-Site Scripting

6.1

CVE-2016-10879

Aug 1, 2016

Researchers:

WP Live Chat Support <= 4.3.5 - Blind SQL Injection

9.8

CVE ID Unknown

Jul 6, 2015

Researcher: Marcin Probola

WP Live Chat Support <= 4.3.5 - Stored Cross-site Scripting

6.4

CVE ID Unknown

Jul 6, 2015

Researcher: Marcin Probola

WP Live Chat Support < 4.1.0 - JavaScript Code Injection

6.1

CVE-2014-10386

Jul 20, 2014

Researcher: Patrik

Title	Status	CVE ID	CVSS	Researchers	Date
3CX Live Chat <= 9.4.2 - Local File Inclusion	Patched		8.8	Moucadel Matthieu	April 28, 2022
WP Live Chat Support <= 8.1.9 - Stored Cross-Site Scripting	Patched		5.4	Chevon Phillip	July 12, 2020
WP Live Chat Support <= 8.0.32 - Unprotected Functions	Patched	CVE-2019-12498	9.8		May 31, 2019
WP Live Chat Support <= 8.0.27 - Unauthenticated Stored Cross-Site Scripting	Patched	CVE-2019-14950	6.1	John Castro	May 15, 2019
WP Live Chat Support <= 8.0.17 - Cross-Site Scripting	Patched	CVE-2019-9913	6.1		February 5, 2019
WP Live Chat Support <= 8.0.15 - Cross-Site Scripting	Patched	CVE-2018-18460	6.1	rakjong	October 17, 2018
3CX Live Chat <= 8.0.07 - Cross-Site Scripting	Patched	CVE-2018-11105	6.1	RiieCco	July 2, 2018
WP Live Chat Support <= 8.0.05 - Stored Cross-Site Scripting	Patched	CVE-2018-9864	6.1	Luigi Gubello	April 9, 2018
WP Live Chat Support <= 7.1.04 - Cross-Site Scripting	Patched	CVE-2017-18507	6.1	Omaid Faizyar	August 2, 2017
WP Live Chat Support <= 7.1.02 - Cross-Site Scripting	Patched	CVE-2017-18508	6.1		July 10, 2017
WP Live Chat Support <= 7.0.06 - Cross-Site Scripting	Patched	CVE-2017-2187	6.1	Chris Liu	May 16, 2017
3CX Free Live Chat <= 6.2.03 - Unauthenticated Stored Cross-Site Scripting	Patched	CVE-2016-10879	6.1		August 1, 2016
WP Live Chat Support <= 4.3.5 - Blind SQL Injection	Patched		9.8	Marcin Probola	July 6, 2015
WP Live Chat Support <= 4.3.5 - Stored Cross-site Scripting	Patched		6.4	Marcin Probola	July 6, 2015
WP Live Chat Support < 4.1.0 - JavaScript Code Injection	Patched	CVE-2014-10386	6.1	Patrik	July 20, 2014

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation