| CVE-2024-13611 | Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.6.9 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | wordplus | Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages | High | 7.5 | 2025-03-01 08:23:20 | Deep Dive |
| CVE-2024-13736 | Pure Chat – Live Chat & More! <= 2.4 - Reflected Cross-Site Scripting via purechatWidgetName Parameter | pure-chat | Pure Chat – Live Chat & More! | Medium | 6.1 | 2025-02-19 07:32:14 | Deep Dive |
| CVE-2025-0822 | Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Subscriber+) Arbitrary File Read via fileID Parameter | bitpressadmin | Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist | Medium | 6.5 | 2025-02-15 12:43:03 | Deep Dive |
| CVE-2024-13791 | Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Administrator+) Arbitrary File Read via downloadResponseFile Function | bitpressadmin | Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist | Medium | 4.9 | 2025-02-14 11:10:58 | Deep Dive |
| CVE-2025-0821 | Bit Assist <= 1.5.2 - Authenticated (Subscriber+) SQL Injection via id Parameter | bitpressadmin | Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist | Medium | 6.5 | 2025-02-14 11:10:58 | Deep Dive |
| CVE-2024-13612 | Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | wordplus | Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages | Medium | 6.4 | 2025-02-01 12:21:31 | Deep Dive |
| CVE-2024-12464 | Chatroll Live Chat <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | chatroll | Chatroll Live Chat | Medium | 6.4 | 2025-01-07 05:23:55 | Deep Dive |
| CVE-2024-12541 | Chative Live chat and Chatbot <= 1.1 - Cross-Site Request Forgery via add_chative_widget_action Function | chative | Chative Live chat and Chatbot | Medium | 5.4 | 2025-01-07 03:21:56 | Deep Dive |
| CVE-2024-38790 | WordPress Smartsupp plugin <= 3.6 - Cross Site Request Forgery (CSRF) vulnerability | Smartsupp | Smartsupp – live chat, chatbots, AI and lead generation | Medium | 6.5 | 2025-01-02 12:01:09 | Deep Dive |
| CVE-2023-45828 | WordPress RumbleTalk Live Group Chat plugin <= 6.2.5 - Broken Access Control vulnerability | RumbleTalk | RumbleTalk Live Group Chat | Medium | - | 2025-01-02 11:59:56 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2020-36838 | Facebook Chat Plugin <= 1.5 - Missing Capabilities Check | facebook | Facebook Chat Plugin – Live Chat Plugin for WordPress | High | 7.4 | 2024-10-16 06:43:28 | Deep Dive |
| CVE-2024-8720 | RumbleTalk Live Group Chat – HTML5 <= 6.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | rumbletalk | RumbleTalk Live Group Chat – HTML5 | Medium | 6.4 | 2024-10-01 07:30:12 | Deep Dive |
| CVE-2024-5879 | HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics <= 11.1.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via HubSpot Meeting Widget | hubspotdev | HubSpot All-In-One Marketing – Forms, Popups, Live Chat | Medium | 6.4 | 2024-08-30 04:29:57 | Deep Dive |
| CVE-2024-3595 | Pure Chat – Live Chat Plugin & More! <= 2.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting | pure-chat | Pure Chat – Live Chat & More! | Medium | 6.4 | 2024-05-09 20:03:29 | Deep Dive |
| CVE-2023-51361 | WordPress Sticky Chat Widget Plugin <= 1.1.8 is vulnerable to Cross Site Scripting (XSS) | Ginger Plugins | Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button | Medium | 5.9 | 2023-12-29 11:01:30 | Deep Dive |
| CVE-2023-51371 | WordPress Bit Assist Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS) | Bit Assist | Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget | Medium | 5.9 | 2023-12-29 10:58:40 | Deep Dive |
| CVE-2023-49821 | WordPress LiveChat Plugin <= 4.5.15 is vulnerable to Cross Site Request Forgery (CSRF) | LiveChat | LiveChat – WP live chat plugin for WordPress | Medium | 5.4 | 2023-12-18 22:31:10 | Deep Dive |
| CVE-2023-49168 | WordPress BP Better Messages Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS) | WordPlus | Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss | Medium | 6.5 | 2023-12-14 14:49:33 | Deep Dive |
| CVE-2023-5740 | Live Chat with Facebook Messenger <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | ninjateam | Live Chat with Facebook Messenger | Medium | 6.4 | 2023-10-24 13:53:01 | Deep Dive |