VYPR

Live Chat

by Five9

CVEs (3)

  • CVE-2025-11829MedNov 11, 2025
    risk 0.42cvss 6.4epss 0.00

    The Five9 Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'toolbar' attribute of the [five9-chat] shortcode in all versions up to, and including, 1.1.2. This is due to insufficient input sanitization and output escaping. This makes it possible…

  • CVE-2025-8349MedOct 20, 2025
    risk 0.34cvss epss 0.00

    Cross-site Scripting (XSS) stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and…

  • CVE-2025-45960Jul 25, 2025
    risk 0.00cvss epss 0.00

    Cross Site Scripting vulnerability in tawk.to Live Chat v.1.6.1 allows a remote attacker to execute arbitrary code via the web application stores and displays user-supplied input without proper input validation or encoding