Sensitive Information Exposure in Chat Help Plugin for WordPress
CVE-2026-15291
7.5HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 10 July 2026
What is CVE-2026-15291?
The Chat Help β Click to Chat Button & Form plugin for WordPress is susceptible to sensitive information exposure through its REST API endpoints, allowing unauthenticated attackers to access a range of sensitive user data. Versions up to 3.1.3 fail to implement necessary authentication and authorization checks, putting customer names, email addresses, phone numbers, WhatsApp messages, IP address geolocations, device fingerprints, and even WordPress account credentials of logged-in users at risk.
Affected Version(s)
ChatHelp β Click to Chat Button, WooCommerce Chat to Order & Floating Chat Form 0 <= 3.1.3