Vulnerabilities > 3CX > Live Chat > 8.0.15
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-20 | CVE-2019-12498 | Missing Authorization vulnerability in 3CX Live Chat The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism. | 9.8 |
2019-08-12 | CVE-2019-14950 | Cross-site Scripting vulnerability in 3CX Live Chat The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page. | 6.1 |
2019-06-03 | CVE-2019-11185 | Unrestricted Upload of File with Dangerous Type vulnerability in 3CX Live Chat The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. | 9.8 |
2019-03-22 | CVE-2019-9913 | Cross-site Scripting vulnerability in 3CX Live Chat The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS. | 6.1 |
2018-10-18 | CVE-2018-18460 | Cross-site Scripting vulnerability in 3CX Live Chat 8.0.15 XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request. | 6.1 |