Sensitive Information Exposure in Chat Help Plugin for WordPress
CVE-2026-15291

7.5HIGH

What is CVE-2026-15291?

The Chat Help – Click to Chat Button & Form plugin for WordPress is susceptible to sensitive information exposure through its REST API endpoints, allowing unauthenticated attackers to access a range of sensitive user data. Versions up to 3.1.3 fail to implement necessary authentication and authorization checks, putting customer names, email addresses, phone numbers, WhatsApp messages, IP address geolocations, device fingerprints, and even WordPress account credentials of logged-in users at risk.

Affected Version(s)

ChatHelp – Click to Chat Button, WooCommerce Chat to Order & Floating Chat Form 0 <= 3.1.3

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

NumeX
.