EIP-2026-114220

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114220. PoCs published by Dennis Kerdijk & Erwin Kievith.

AI-analyzed exploit summary This is a working proof-of-concept for a stored XSS vulnerability in the WP Live Chat Support WordPress Plugin. The exploit demonstrates how an unauthenticated attacker can inject malicious JavaScript payloads via the 'name' and 'msg' parameters in a POST request, which are then stored and executed when viewed by an admin.

Description

WordPress Plugin WP Live Chat Support 6.2.03 - Persistent Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dennis Kerdijk & Erwin Kievith · textwebappsphp

https://www.exploit-db.com/exploits/40190

View Code ZIP pw:eip

This is a working proof-of-concept for a stored XSS vulnerability in the WP Live Chat Support WordPress Plugin. The exploit demonstrates how an unauthenticated attacker can inject malicious JavaScript payloads via the 'name' and 'msg' parameters in a POST request, which are then stored and executed when viewed by an admin.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: WP Live Chat Support WordPress Plugin version 6.2.03

No auth needed

Prerequisites: Target must have WP Live Chat Support plugin version 6.2.03 installed · Victim must view the stored malicious message

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

WordPress Plugin WP Live Chat Support 6.2.03 - Persistent Cross-Site Scripting

Exploitation Summary

Description

Exploits (1)

Details