cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches fortidio-live-chat tidio-live-chat

Direction: ascending
Jun 06, 2024

Tidio – Live Chat & AI Chatbots # 341060c81c1885ea3f1b6a25b9588e94ee888f4c

CVE, Research URL

341060c81c1885ea3f1b6a25b9588e94ee888f4c

Home page URL

Security reports for Tidio – Live Chat & AI Chatbots

Application

Tidio – Live Chat & AI Chatbots

Date
Sep 20, 2022
Research Description
Tidio – Live Chat &amp; AI Chatbots [tidio-live-chat] < 5.3.0 Tidio – Live Chat, Chatbots & Email Integration <= 5.2.0 - Sensitive Information Disclosure The Tidio plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 5.2.0. This could allow unauthenticated attackers to extract system information such as installation paths on misconfigured servers with verbose error output enabled.
Affected versions
max 5.3.0.
Status
vulnerable
Jun 16, 2026

Tidio – Live Chat &amp; AI Chatbots # de5faa60196b07735f1d2bd2f7084639effd5e8b

CVE, Research URL

de5faa60196b07735f1d2bd2f7084639effd5e8b

Home page URL

Security reports for Tidio – Live Chat &amp; AI Chatbots

Application

Tidio – Live Chat &amp; AI Chatbots

Date
Nov 05, 2019
Research Description
Tidio – Live Chat &amp; AI Chatbots [tidio-live-chat] < 4.2.1 Tidio Live Chat < 4.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting The Tidio Live Chat plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.2.0. This is due to missing or incorrect nonce validation on the toggleAsync(), ajaxSetProjectKeys(), and uninstall() functions. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, alongside performing other administrative actions, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 4.2.1.
Status
vulnerable

Tidio – Live Chat &amp; AI Chatbots # d4067348-a597-40bc-8ec8-a751efde353a

CVE, Research URL

d4067348-a597-40bc-8ec8-a751efde353a

Home page URL

Security reports for Tidio – Live Chat &amp; AI Chatbots

Application

Tidio – Live Chat &amp; AI Chatbots

Date
-
Research Description
Tidio – Live Chat &amp; AI Chatbots [tidio-live-chat] < 4.2.0 Tidio Live Chat &lt;= 4.1.0 - CSRF to Stored XSS A CSRF vulnerability in the Tidio Live Chat WordPress Plugin &lt;= 4.1.0 allows attackers to trick admins into adding a Stored XSS payload presented to all visitors. Fixed in 4.2.0.
Affected versions
max 4.2.0.
Status
vulnerable