Vulnerabilities and security researches forfacebook-messenger-customer-chat facebook-messenger-customer-chat

Jun 07, 2024

CVE, Research URL: 9dd307728bb7202307fda9a0a7e2dabd1e530ba0
Home page URL: Security reports for Facebook Chat Plugin – Live Chat Plugin for WordPress
Application: Facebook Chat Plugin – Live Chat Plugin for WordPress
Date: Aug 04, 2020
Research Description: Facebook Chat Plugin – Live Chat Plugin for WordPress [facebook-messenger-customer-chat] < 1.6 WordPress The Official Facebook Chat Plugin <= 1.5 - Authenticated Options Change vulnerability Authenticated Options Change vulnerability discovered by WordFence in WordPress The Official Facebook Chat Plugin (versions <= 1.5).
Affected versions: max 1.6.
Status: vulnerable

Oct 17, 2024

CVE, Research URL: CVE-2020-36838
Home page URL: Security reports for Facebook Chat Plugin – Live Chat Plugin for WordPress
Application: Facebook Chat Plugin – Live Chat Plugin for WordPress
Date: Oct 16, 2024
Research Description: The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. This flaw makes it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites.
Affected versions: max 1.6.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: 207ceacf45badb6362f9180b92f9c6f89ecce69a
Home page URL: Security reports for Facebook Chat Plugin – Live Chat Plugin for WordPress
Application: Facebook Chat Plugin – Live Chat Plugin for WordPress
Date: Jun 17, 2019
Research Description: Facebook Chat Plugin – Live Chat Plugin for WordPress [facebook-messenger-customer-chat] < 1.3 Facebook Chat Plugin <= 1.2 - Cross-Site Request Forgery to Site Settings Changes The Facebook Chat Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to change site settings via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 1.3.
Status: vulnerable

CVE, Research URL: 23428d32-799f-4b01-b782-090dfb0dbb07
Home page URL: Security reports for Facebook Chat Plugin – Live Chat Plugin for WordPress
Application: Facebook Chat Plugin – Live Chat Plugin for WordPress
Date: -
Research Description: Facebook Chat Plugin – Live Chat Plugin for WordPress [facebook-messenger-customer-chat] < 1.3 The Official Facebook Chat Plugin < 1.3 - CSRF The The Official Facebook Chat Plugin WordPress plugin was affected by a CSRF security vulnerability.
Affected versions: max 1.3.
Status: vulnerable

CVE, Research URL: 7ca1c140-5fd9-446a-aefd-9383d3ab759a
Home page URL: Security reports for Facebook Chat Plugin – Live Chat Plugin for WordPress
Application: Facebook Chat Plugin – Live Chat Plugin for WordPress
Date: -
Research Description: Facebook Chat Plugin – Live Chat Plugin for WordPress [facebook-messenger-customer-chat] < 1.6 The Official WordPress Facebook Chat Plugin < 1.6 - Authenticated Options Change to Chat Takeover This flaw made it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites.
Affected versions: max 1.6.
Status: vulnerable

CVE, Research URL: 45072bd4b46f819196737a98e8348c94a41fa9c6
Home page URL: Security reports for Facebook Chat Plugin – Live Chat Plugin for WordPress
Application: Facebook Chat Plugin – Live Chat Plugin for WordPress
Date: Aug 04, 2020
Research Description: Facebook Chat Plugin – Live Chat Plugin for WordPress [facebook-messenger-customer-chat] < 1.6 Facebook Chat Plugin <= 1.5 - Missing Capabilities Check The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. This flaw makes it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites.
Affected versions: max 1.6.
Status: vulnerable

Jun 25, 2026

PSC, Research URL: PSC-2026-64667
Home page URL: Security reports for Facebook Chat Plugin – Live Chat Plugin for WordPress
Application: Facebook Chat Plugin – Live Chat Plugin for WordPress
Date: Jun 25, 2026
Research Description: Live chat plugins add third-party scripts, public widgets, and administrator managed page identifiers to WordPress pages. That makes them useful for customer communication, but also security-sensitive because stored settings are rendered to visitors and external script behavior becomes part of the public site surface. Facebook Chat Plugin - Live Chat Plugin for WordPress version 2.5 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64667, confirming that the plugin was reviewed from a secure code perspective with attention to common exploitation paths for live chat widget settings, public script rendering, and third-party page connection workflows.
Affected versions: Min 2.5, max 2.5.
Status: SAFE & CERTIFIED