Back to search
CVE-2018-11105
Published: May 15, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to wp-json/wp_live_chat_support/v1/start_chat whenever a malicious attacker would initiate a new chat with an administrator. NOTE: this issue exists because of an incomplete fix for CVE-2018-9864.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://wordpress.org/plugins/wp-live-chat-support/#developers
x_refsource_MISC
https://github.com/RiieCco/write-ups/tree/master/CVE-2018-11105
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now