Every CVE whose affected-product data names 3cx Live Chat, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2019-12498 — CVSS 9.8 (critical): The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check…
CVE-2018-12426 — CVSS 9.8 (critical): The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side…
CVE-2019-11185 — CVSS 9.8 (critical): The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an…
CVE-2017-2187 — CVSS 6.1 (medium): Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script…
CVE-2018-11105 — CVSS 6.1 (medium): There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name) and…
CVE-2018-18460 — CVSS 6.1 (medium): XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php…
CVE-2019-9913 — CVSS 6.1 (medium): The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS.