MEDIUM
nhadjidimitrov
CVE published 2026-05-28
CVE-2026-9644
A stored cross-site scripting (XSS) vulnerability exists in the LiveSmart Video Chat Live Video Chat plugin for WordPress. The flaw resides in the plugin's 'livesmart_widget' shortcode, where insufficient input sanitization and output escaping on user-supplied attributes allow authenticated attackers with contributor-level access or higher to inject arbitrary web scripts. These scripts execute when any us [truncated]