| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-11576 | AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant <= 1.6.5 - Unauthenticated CSV Injection | newcodebyte | AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant | Medium | 4.3 | 2025-10-24 12:29:57 | Deep Dive |
| CVE-2025-58688 | WordPress Casengo Live Chat Support Plugin <= 2.1.4 - Cross Site Request Forgery (CSRF) Vulnerability | Casengo | Casengo Live Chat Support | High | 7.1 | 2025-09-22 18:22:42 | Deep Dive |
| CVE-2025-5018 | Hive Support <= 1.2.5 - Authenticated (Subscriber+) Missing Authorization via hs_update_ai_chat_settings and hive_lite_support_get_all_binbox | hivesupport | Hive Support | AI-Powered Help Desk, Live Chat and Chatbot | High | 7.1 | 2025-06-06 06:42:51 | Deep Dive |
| CVE-2025-5019 | Hive Support <= 1.2.5 - Cross-Site Request Forgery via hs_update_ai_chat_settings Function | hivesupport | Hive Support | AI-Powered Help Desk, Live Chat and Chatbot | Medium | 5.4 | 2025-06-06 06:42:49 | Deep Dive |
| CVE-2025-0822 | Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Subscriber+) Arbitrary File Read via fileID Parameter | bitpressadmin | Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist | Medium | 6.5 | 2025-02-15 12:43:03 | Deep Dive |
| CVE-2024-13791 | Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Administrator+) Arbitrary File Read via downloadResponseFile Function | bitpressadmin | Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist | Medium | 4.9 | 2025-02-14 11:10:58 | Deep Dive |
| CVE-2025-0821 | Bit Assist <= 1.5.2 - Authenticated (Subscriber+) SQL Injection via id Parameter | bitpressadmin | Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist | Medium | 6.5 | 2025-02-14 11:10:58 | Deep Dive |
| CVE-2023-51361 | WordPress Sticky Chat Widget Plugin <= 1.1.8 is vulnerable to Cross Site Scripting (XSS) | Ginger Plugins | Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button | Medium | 5.9 | 2023-12-29 11:01:30 | Deep Dive |
| CVE-2023-51371 | WordPress Bit Assist Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS) | Bit Assist | Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget | Medium | 5.9 | 2023-12-29 10:58:40 | Deep Dive |
| CVE-2022-2039 | Free Live Chat Support <= 1.0.11 - Cross-Site Request Forgery to Cross-Site Scripting | livesupporti | Free Live Chat Support | High | 8.8 | 2022-07-18 16:12:50 | Deep Dive |
| CVE-2020-5642 | Live support 跨站请求伪造漏洞 | onWebChat | Live Chat - Live support | 高危 | - | 2020-10-15 02:20:15 | Deep Dive |
| CVE-2017-2187 | WP Live Chat Support 跨站脚本漏洞 | CODECABIN_ | WP Live Chat Support | 中危 | - | 2017-06-09 16:00:00 | Deep Dive |