Cross-Site Scripting Vulnerability in LiveSmart Video Chat Plugin for WordPress
CVE-2026-9644

6.4MEDIUM

Key Information:

Vendor: WordPress
Status: Livesmart Video Chat Live Video Chat
Vendor: CVE Published:; 28 May 2026

What is CVE-2026-9644?

The LiveSmart Video Chat plugin for WordPress suffers from a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping processes on user-defined attributes within the 'livesmart_widget' shortcode. This vulnerability allows authenticated users with contributor-level access or higher to inject malicious web scripts into WordPress pages. Such scripts execute when unsuspecting users access the modified pages, potentially compromising user data and website integrity.

Affected Version(s)

LiveSmart Video Chat Live Video Chat 0 <= 1.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
May 26, 2026

Credit

Muhammad Yudha - DJ

CVE-2026-9644 Data

JSON