cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forchat-help chat-help

Direction: ascending
Jun 07, 2024

Better Chat Support – Chat Bubble and Chat Button with Gutenberg, Elementor and Shortcode # CVE-2024-32110

CVE, Research URL

CVE-2024-32110

Date
Jun 11, 2026
Research Description
Cross-Site request forgery (CSRF) vulnerability in Magepeople inc. WpEvently allows Cross Site Request Forgery. This issue affects WpEvently: from n/a through 4.1.2.
Affected versions
max 1.6.0.
Status
vulnerable
Dec 11, 2025

Better Chat Support – Chat Bubble and Chat Button with Gutenberg, Elementor and Shortcode # CVE-2025-66099

CVE, Research URL

CVE-2025-66099

Date
Nov 21, 2025
Research Description
Missing Authorization vulnerability in ThemeAtelier Chat Help chat-help allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chat Help: from n/a through <= 3.1.3.
Affected versions
max 3.1.4.
Status
vulnerable
Jun 16, 2026

Better Chat Support &#8211; Chat Bubble and Chat Button with Gutenberg, Elementor and Shortcode # 8a411eca22d919bf26ed921fa3f1bd25a1ede1c6

Date
Nov 18, 2025
Research Description
ChatHelp – Click to Chat Button, Chat to Order, Floating Chat &amp; Form [chat-help] < 3.1.4 Chat Help – Click to Chat Button & Form <= 3.1.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/{id}. This is due to the plugin not performing any authentication and authorization checks. This makes it possible for unauthenticated attackers to extract sensitive data including customer names, email addresses, phone numbers, WhatsApp messages, complete geolocation data (IP addresses, city, country, ISP, coordinates), device fingerprinting information (browser, OS, screen resolution), and WordPress account credentials (user IDs, usernames, emails, names) for logged-in users who submit forms.
Affected versions
max 3.1.4.
Status
vulnerable
Jul 13, 2026

Better Chat Support &#8211; Chat Bubble and Chat Button with Gutenberg, Elementor and Shortcode # CVE-2026-15291

CVE, Research URL

CVE-2026-15291

Date
Jul 10, 2026
Research Description
The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/{id}. This is due to the plugin not performing any authentication and authorization checks. This makes it possible for unauthenticated attackers to extract sensitive data including customer names, email addresses, phone numbers, WhatsApp messages, complete geolocation data (IP addresses, city, country, ISP, coordinates), device fingerprinting information (browser, OS, screen resolution), and WordPress account credentials (user IDs, usernames, emails, names) for logged-in users who submit forms.
Affected versions
max 3.1.4.
Status
vulnerable