Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tawk tawk.to live chat vulnerabilities and exploits
(subscribe to this query)
8
CVSSv3
CVE-2021-24914
The Tawk.To Live Chat WordPress plugin prior to 0.6.0 does not have capability and CSRF checks in the tawkto_setwidget and tawkto_removewidget AJAX actions, available to any authenticated user. The first one allows low-privileged users (including simple subscribers) to change the...
Tawk Tawk.to Live Chat
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started