| CVE-2025-31596 | WordPress Chat by Chatwee plugin <= 2.1.3 - Broken Access Control vulnerability | Chatwee | Chat by Chatwee | Medium | 4.3 | 2025-03-31 12:55:32 | Deep Dive |
| CVE-2025-31092 | WordPress Click to Chat – WP Support All-in-One Floating Widget plugin <= 2.3.4 - Cross Site Scripting (XSS) vulnerability | Ninja Team | Click to Chat – WP Support All-in-One Floating Widget | Medium | 6.5 | 2025-03-27 23:21:02 | Deep Dive |
| CVE-2025-26542 | WordPress Zalo Live Chat Plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability | Dang Ngoc Binh | Zalo Live Chat | High | 7.1 | 2025-03-26 14:24:19 | Deep Dive |
| CVE-2024-11441 | Stored XSS in Serge in serge-chat/serge | serge-chat | serge-chat/serge | 中危 | - | 2025-03-20 10:08:47 | Deep Dive |
| CVE-2025-28925 | WordPress WATI Chat and Notification plugin <= 1.1.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | Hieu Nguyen | WATI Chat and Notification | High | 7.1 | 2025-03-11 21:01:05 | Deep Dive |
| CVE-2024-13697 | Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.7.4 - Unauthenticated Limited Server-Side Request Forgery in nice_links | wordplus | Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages | Medium | 4.8 | 2025-03-01 08:23:21 | Deep Dive |
| CVE-2024-13611 | Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.6.9 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | wordplus | Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages | High | 7.5 | 2025-03-01 08:23:20 | Deep Dive |
| CVE-2025-1450 | Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp – Chaty <= 3.3.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | premio | Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty | Medium | 6.4 | 2025-02-27 09:21:49 | Deep Dive |
| CVE-2024-13736 | Pure Chat – Live Chat & More! <= 2.4 - Reflected Cross-Site Scripting via purechatWidgetName Parameter | pure-chat | Pure Chat – Live Chat & More! | Medium | 6.1 | 2025-02-19 07:32:14 | Deep Dive |
| CVE-2025-0822 | Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Subscriber+) Arbitrary File Read via fileID Parameter | bitpressadmin | Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist | Medium | 6.5 | 2025-02-15 12:43:03 | Deep Dive |
| CVE-2024-13791 | Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Administrator+) Arbitrary File Read via downloadResponseFile Function | bitpressadmin | Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist | Medium | 4.9 | 2025-02-14 11:10:58 | Deep Dive |
| CVE-2025-0821 | Bit Assist <= 1.5.2 - Authenticated (Subscriber+) SQL Injection via id Parameter | bitpressadmin | Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist | Medium | 6.5 | 2025-02-14 11:10:58 | Deep Dive |
| CVE-2025-25138 | WordPress On Page SEO + Social Live Chat (Formerly OPS) plugin <= 2.0.0 - CSRF to Stored XSS vulnerability | Rishi | On Page SEO + Whatsapp Chat Button | High | 7.1 | 2025-02-07 10:11:52 | Deep Dive |
| CVE-2025-22292 | WordPress Powerful Auto Chat plugin <= 1.9.8 - Cross Site Scripting (XSS) vulnerability | Felipe Peixoto | Powerful Auto Chat | Medium | 6.5 | 2025-02-03 14:23:51 | Deep Dive |
| CVE-2025-0967 | code-projects Chat System add_chatroom.php sql injection | code-projects | Chat System | Medium | 6.3 | 2025-02-02 15:31:04 | Deep Dive |
| CVE-2024-13612 | Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | wordplus | Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages | Medium | 6.4 | 2025-02-01 12:21:31 | Deep Dive |
| CVE-2025-0882 | code-projects Chat System addnewmember.php sql injection | code-projects | Chat System | Medium | 6.3 | 2025-01-30 21:00:17 | Deep Dive |
| CVE-2024-12451 | HTML5 chat <= 1.07 - Authenticated (Contributor+) Stored Cross-Site Scripting | proxymis | HTML5 Chat | Medium | 6.4 | 2025-01-30 13:42:06 | Deep Dive |
| CVE-2024-13646 | Single-user-chat <= 0.5 - Authenticated (Subscriber+) Limited Options Update | aakashbhagat23 | Single-user-chat | High | 8.1 | 2025-01-30 13:42:04 | Deep Dive |
| CVE-2025-0531 | code-projects Chat System leaveroom.php sql injection | code-projects | Chat System | Medium | 6.3 | 2025-01-17 16:00:19 | Deep Dive |