CVE-2019-25737

HIGH NVD

CVSS Score 7.2

Severity HIGH

Published Jun 04, 2026

Vendor unknown

Description

Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit payloads containing script tags and event handlers that execute in the admin area, enabling cookie theft or forced redirects to malicious websites.

References

https://codecanyon.net/item/wordpress-live-chat-plugin/3952877
https://screets.com/
https://www.exploit-db.com/exploits/47037
https://www.vulncheck.com/advisories/live-chat-unlimited-stored-cross-site-scripting