Description
Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. NOTE: some of these details are obtained from third party information.
Exploits (1)
Nuclei Templates (1)
ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting
MEDIUMby daffainfo
References (5)
Core 5
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/50778
Product x_refsource_misc
http://wordpress.org/extend/plugins/clickdesk-live-support-chat-plugin/changelog/
Exploit vdb-entry
x_refsource_osvdb
http://osvdb.org/77338
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/520624/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71469
Scores
EPSS
0.0201
EPSS Percentile
83.9%
Details
CWE
CWE-79
Status
published
Products (1)
clickdesk/clickdesk_live_support-live_chat_plugin
2.0
Published
Sep 20, 2012
Tracked Since
Feb 18, 2026