cleantalk
Vulnerabilities and Security Researches

Tidio – Live Chat & AI Chatbots, de5faa60196b07735f1d2bd2f7084639effd5e8b

CVE, Research URL

de5faa60196b07735f1d2bd2f7084639effd5e8b

Home page URL

Security reports for Tidio – Live Chat & AI Chatbots

Application

Tidio – Live Chat & AI Chatbots

Published on
Nov 05, 2019
Research Description
Tidio – Live Chat &amp; AI Chatbots [tidio-live-chat] < 4.2.1 Tidio Live Chat < 4.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting The Tidio Live Chat plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.2.0. This is due to missing or incorrect nonce validation on the toggleAsync(), ajaxSetProjectKeys(), and uninstall() functions. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, alongside performing other administrative actions, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 4.2.1.
Status
vulnerable
Previous vulnerability researches
My auctions allegro (CVE-2025-27009) , Apr 16, 2025
My auctions allegro (CVE-2024-11707) , Dec 06, 2024
My auctions allegro (CVE-2025-68567) , Jan 10, 2026
My auctions allegro (CVE-2025-68566) , Jan 10, 2026
My auctions allegro (CVE-2025-12851) , Dec 10, 2025
New vulnerability
Files Download Delay (83c3cbc04212eed59c22955c24f7c4034c6c746e) , Jun 16, 2026
All-In-One Security (AIOS) – Security and Firewall (5ef1186b-7457-4fcd-96c4-e32a68c8ede2) , Jun 16, 2026
All-In-One Security (AIOS) – Security and Firewall (209def1128b75ad6cd7c7ca2ef9e8d3e077c3e42) , Jun 16, 2026
All-In-One Security (AIOS) – Security and Firewall (7703743b26d62d7180ced04f7b5f93605b3a4a93) , Jun 16, 2026
All-In-One Security (AIOS) – Security and Firewall (4d6a4031a3cbd06a805b4c3c43fcc3b4e230a014) , Jun 16, 2026