Vulnerabilities > Tawk
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-24 | CVE-2024-57026 | Cross-site Scripting vulnerability in Tawk Tawk.To TawkTo Widget Version <= 1.3.7 is vulnerable to Cross Site Scripting (XSS) due to processing user input in a way that allows JavaScript execution. | 6.1 |
| 2021-12-06 | CVE-2021-24914 | Cross-Site Request Forgery (CSRF) vulnerability in Tawk Tawk.To Live Chat The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in the tawkto_setwidget and tawkto_removewidget AJAX actions, available to any authenticated user. | 8.0 |