Vulnerabilities and security researches forwschat-live-chat wschat-live-chat

Dec 11, 2025

CVE, Research URL: CVE-2025-12751
Home page URL: Security reports for WSChat – WordPress Live Chat
Application: WSChat – WordPress Live Chat
Date: Nov 19, 2025
Research Description: The WSChat – WordPress Live Chat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'reset_settings' AJAX endpoint in all versions up to, and including, 3.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the plugin's settings.
Affected versions: max 3.1.7.
Status: vulnerable