WP Live Chat Support version 8.0.05 suffers from a cross site scripting vulnerability.
An unauthenticated user can inject arbitrary JavaScript code into the admin panel through the "Name" text field of WP Live Chat Support. The injected code runs on the wplivechat-menu-history page.
In the file wp-live-chat-support.php there is no sanitization of $result->id (line 4439).
WP Live Chat Support 8.0.05 is vulnerable, probably earlier versions too.
In WP Live Chat Support 8.0.06 the vulnerability is fixed.
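The output-handling pattern behind this class of bug, shown beside a hardened form, as an added example that is not code from wp-live-chat-support.php. The row contents, field layout and function names are constructed for illustration, and htmlspecialchars() stands in for WordPress's esc_html()/esc_attr() so the snippet runs outside WordPress.

```php
<?php
// Added example: constructed data and hypothetical function names,
// not the plugin's own code.

// Constructed row standing in for a stored chat-history record. Its values
// originate from a chat form that any unauthenticated visitor can submit.
$result = (object) [
    'id'   => '7"><script>alert(1)</script>',
    'name' => '<script>alert(1)</script>',
];

// Unsafe pattern: stored values are concatenated into admin-page HTML as-is,
// so markup in the record becomes markup in the administrator's browser.
function render_history_row_unsafe(object $result): string
{
    return '<tr id="record_' . $result->id . '"><td>' . $result->name . '</td></tr>';
}

// Hardened pattern: force identifiers to integers and escape every other
// stored value at the point of output, for the context it is written into.
// Inside WordPress the equivalents are absint()/intval(), esc_attr() and esc_html().
function render_history_row_safe(object $result): string
{
    $id   = (int) $result->id; // "7\"><script>..." becomes 7
    $name = htmlspecialchars((string) $result->name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<tr id="record_' . $id . '"><td>' . $name . '</td></tr>';
}

// The unsafe row still contains a live <script> element; the safe row does not.
echo render_history_row_unsafe($result), PHP_EOL;
echo render_history_row_safe($result), PHP_EOL;
```

Escaping at output protects the admin page even when records written by an older, vulnerable version are still in the database.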
Video PoC: https://www.youtube.com/watch?v=eHG1pWaez9w
URL public disclosure: https://www.gubello.me/blog/wp-live-chat-support-8-0-05-stored-xss/