Vulnerabilities and security researches forfb-messenger-live-chat fb-messenger-live-chat

Jun 07, 2024

CVE, Research URL: 0686f77f17c24a7819518ff9d94809244b470463
Home page URL: Security reports for Live Chat with Messenger Customer Chat
Application: Live Chat with Messenger Customer Chat
Date: May 22, 2019
Research Description: Live Chat with Messenger Customer Chat [fb-messenger-live-chat] < 1.4.7 WordPress Live Chat with Facebook Messenger plugin <= 1.4.6 - Stored Cross-Site Scripting (XSS) vulnerability Stored Cross-Site Scripting (XSS) vulnerability found in WordPress Live Chat with Facebook Messenger plugin (versions <= 1.4.6).
Affected versions: max 1.4.7.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: 4a5ea37d-e315-40f5-ab91-ad5e80216c35
Home page URL: Security reports for Live Chat with Messenger Customer Chat
Application: Live Chat with Messenger Customer Chat
Date: -
Research Description: Live Chat with Messenger Customer Chat [fb-messenger-live-chat] < 1.4.7 Live Chat with Facebook Messenger <= 1.4.6 - Stored XSS Saves option "ztb_domainid" without authentication with any code that will be embedded in every page.
Affected versions: max 1.4.7.
Status: vulnerable

CVE, Research URL: db52671f3fd1b0e4249107995bd1d5860764ac96
Home page URL: Security reports for Live Chat with Messenger Customer Chat
Application: Live Chat with Messenger Customer Chat
Date: May 17, 2019
Research Description: Live Chat with Messenger Customer Chat [fb-messenger-live-chat] < 1.4.7 Live Chat with Messenger Customer Chat <= 1.4.6 - Unauthenticated Stored Cross-Site Scripting The 'Live Chat with Messenger Customer Chat' plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.4.7.
Status: vulnerable