Description
Subscriber Sensitive Data Exposure in Chatway Live Chat &#8211; AI Chatbot, Customer Support, FAQ &amp; Helpdesk Customer Service &amp; Chat Buttons <= 1.4.8 versions.
Published: 2026-06-15
Score: 7.4 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability causes subscriber sensitive data to be exposed by the Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons plugin in WordPress versions up to 1.4.8. This flaw allows an attacker to read data that should remain confidential, compromising privacy of subscriber information. The weakness is an instance of CWE‑201, which highlights improper protection of data during transmission or storage.

Affected Systems

WordPress sites that have installed the Chatway Live Chat plugin version 1.4.8 or earlier are affected. The plugin, commonly referred to as Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons, should be upgraded to at least version 1.4.9 to remove the vulnerability.

Risk and Exploitability

The CVSS score of 7.4 indicates a high severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. With no public exploit listed and not present in the CISA KEV catalog, the risk remains primarily theoretical. The likely attack vector is through the plugin’s configuration or data handling routines, potentially accessible to an authenticated administrator or through a local compromise of the WordPress site. Because the description does not specify a network‑based vector, it is inferred that the risk is mitigated if the site owner promptly applies the available patch.

Generated by OpenCVE AI on June 18, 2026 at 00:29 UTC.

Remediation

Vendor Solution

Update the WordPress Chatway Live Chat &#8211; AI Chatbot, Customer Support, FAQ &amp; Helpdesk Customer Service &amp; Chat Buttons Plugin to the latest available version (at least 1.4.9).


OpenCVE Recommended Actions

  • Upgrade the Chatway Live Chat plugin to version 1.4.9 or later.
  • If an upgrade is not immediately possible, disable or remove the plugin until the patch can be applied.
  • Validate that no subscriber data is stored in plain text in any remaining configuration files or logs.

Generated by OpenCVE AI on June 18, 2026 at 00:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Chatway Live Chat
Chatway Live Chat chatway Live Chat &#8211; Ai Chatbot, Customer Support, Faq &amp; Helpdesk Customer Service &amp; Chat Buttons
Wordpress
Wordpress wordpress
Vendors & Products Chatway Live Chat
Chatway Live Chat chatway Live Chat &#8211; Ai Chatbot, Customer Support, Faq &amp; Helpdesk Customer Service &amp; Chat Buttons
Wordpress
Wordpress wordpress

Tue, 16 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Description Subscriber Sensitive Data Exposure in Chatway Live Chat &#8211; AI Chatbot, Customer Support, FAQ &amp; Helpdesk Customer Service &amp; Chat Buttons <= 1.4.8 versions.
Title WordPress Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons plugin <= 1.4.8 - Sensitive Data Exposure vulnerability
Weaknesses CWE-201
References
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L'}


Subscriptions

Chatway Live Chat Chatway Live Chat &#8211; Ai Chatbot, Customer Support, Faq &amp; Helpdesk Customer Service &amp; Chat Buttons
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-16T01:18:58.516Z

Reserved: 2026-05-27T10:27:09.956Z

Link: CVE-2026-49082

cve-icon Vulnrichment

Updated: 2026-06-16T01:18:53.909Z

cve-icon NVD

Status : Deferred

Published: 2026-06-15T21:17:20.000

Modified: 2026-06-15T21:24:32.790

Link: CVE-2026-49082

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T21:06:39Z

Weaknesses
  • CWE-201

    Insertion of Sensitive Information Into Sent Data