| CVE-2025-11762 | HubSpot All-In-One Marketing - Forms, Popups, Live Chat <= 11.3.32 - Missing Authorization to Authenticated (Contributor+) Installed Plugin Disclosure | hubspotdev | HubSpot All-In-One Marketing – Forms, Popups, Live Chat | Medium | 4.3 | 2026-04-24 07:45:07 | Deep Dive |
| CVE-2026-4074 | Quran Live Multilanguage <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | karim42 | Quran Live Multilanguage | Medium | 6.4 | 2026-04-22 07:45:39 | Deep Dive |
| CVE-2026-25456 | WordPress Automated FedEx live/manual rates with shipping labels plugin <= 5.1.9 - Broken Access Control vulnerability | Aarsiv Groups | Automated FedEx live/manual rates with shipping labels | High | 7.3 | 2026-03-25 16:14:51 | Deep Dive |
| CVE-2025-8899 | Paid Videochat Turnkey Site – HTML5 PPV Live Webcams <= 7.3.20 - Authenticated (Author+) Privilege Escalation | videowhisper | Paid Videochat Turnkey Site – HTML5 PPV Live Webcams | High | 8.8 | 2026-03-07 05:46:46 | Deep Dive |
| CVE-2026-27701 | LiveCodes vulnerable to JavaScript Injection via untrusted PR title in i18n-update-pull workflow | live-codes | livecodes | - | - | 2026-02-25 15:06:18 | Deep Dive |
| CVE-2026-27066 | WordPress Live sales notification for WooCommerce plugin <= 2.3.60 - Broken Access Control vulnerability | PI Web Solution | Live sales notification for WooCommerce | Medium | 5.3 | 2026-02-19 08:27:11 | Deep Dive |
| CVE-2025-12448 | Smartsupp – live chat, AI shopping assistant and chatbots <= 3.9.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting | smartsupp | Smartsupp – live chat, AI shopping assistant and chatbots | Medium | 6.4 | 2026-02-19 03:25:12 | Deep Dive |
| CVE-2019-25352 | Genivia Crystal Live HTTP Server 6.01 - 'Crystal Live HTTP Server' Path Traversal | Genivia Inc. | Crystal Live HTTP Server | High | 7.5 | 2026-02-18 21:54:58 | Deep Dive |
| CVE-2020-37106 | Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin) | Bdtask | Business Live Chat Software | Medium | 5.3 | 2026-02-06 23:14:05 | Deep Dive |
| CVE-2026-0554 | NotificationX <= 3.1.11 - Missing Authorization to Authenticated (Contributor+) Analytics Reset | wpdevteam | NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar | Medium | 4.3 | 2026-01-20 14:26:34 | Deep Dive |
| CVE-2025-15380 | NotificationX <= 3.2.0 - Unauthenticated DOM-Based Cross-Site Scripting via 'nx-preview' | wpdevteam | NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar | High | 7.2 | 2026-01-20 14:26:34 | Deep Dive |
| CVE-2026-1011 | Stored Cross-Site Scripting in Altium Live Support Center Comment Endpoint | Altium | Altium Live | Medium | 6.1 | 2026-01-15 23:08:01 | Deep Dive |
| CVE-2026-1009 | Stored Cross-Site Scripting in Altium Live Forum Leading to Cross-Customer Data Exposure | Altium | Altium Live | Critical | 9.0 | 2026-01-15 22:51:32 | Deep Dive |
| CVE-2026-1008 | Stored Cross-Site Scripting in Altium Live User Profile Fields | Altium | Altium Live | High | 7.6 | 2026-01-15 22:24:16 | Deep Dive |
| CVE-2025-62193 | NOAA PMEL Live Access Server (LAS) PyFerret command injection | National Oceanic and Atmospheric Administration (NOAA) | Live Access Server (LAS) | Critical | 9.8 | 2026-01-15 16:44:16 | Deep Dive |
| CVE-2025-13887 | AI BotKit <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | wisdmlabs | AI ChatBot for WordPress by AI BotKit – Live in 2 Minutes, No Code | Medium | 6.4 | 2026-01-07 09:20:56 | Deep Dive |
| CVE-2025-23608 | WordPress LIVE TV plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability | Omar Mohamed Mohamoud | LIVE TV | High | 7.1 | 2025-12-31 17:07:06 | Deep Dive |
| CVE-2025-62080 | WordPress Live Shopping & Shoppable Videos For WooCommerce plugin <= 2.2.0 - Cross Site Request Forgery (CSRF) vulnerability | Channelize.io Team | Live Shopping & Shoppable Videos For WooCommerce | Medium | 4.3 | 2025-12-31 15:44:46 | Deep Dive |
| CVE-2025-62081 | WordPress Live Shopping & Shoppable Videos For WooCommerce plugin <= 2.2.0 - Broken Access Control vulnerability | Channelize.io Team | Live Shopping & Shoppable Videos For WooCommerce | Medium | 5.3 | 2025-12-31 15:00:19 | Deep Dive |
| CVE-2025-68598 | WordPress Page Builder: Live Composer plugin <= 2.1.13 - Cross Site Scripting (XSS) vulnerability | LiveComposer | Page Builder: Live Composer | Medium | 6.5 | 2025-12-24 13:10:46 | Deep Dive |