{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-49235", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-10-14T10:39:06.932Z", "datePublished": "2024-10-17T17:24:17.951Z", "dateUpdated": "2026-04-01T15:35:56.017Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "live-support-tickets", "product": "Contact Forms, Live Support, CRM, Video Messages", "vendor": "videowhisper", "versions": [{"changes": [{"at": "1.11.1", "status": "unaffected"}], "lessThanOrEqual": "1.10.2", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Joshua Chan | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:27:58.099Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insertion of Sensitive Information Into Sent Data vulnerability in videowhisper Contact Forms, Live Support, CRM, Video Messages live-support-tickets allows Retrieve Embedded Sensitive Data.<p>This issue affects Contact Forms, Live Support, CRM, Video Messages: from n/a through <= 1.10.2.</p>"}], "value": "Insertion of Sensitive Information Into Sent Data vulnerability in videowhisper Contact Forms, Live Support, CRM, Video Messages live-support-tickets allows Retrieve Embedded Sensitive Data.This issue affects Contact Forms, Live Support, CRM, Video Messages: from n/a through <= 1.10.2."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "Retrieve Embedded Sensitive Data"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-201", "description": "Insertion of Sensitive Information Into Sent Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T15:35:56.017Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/live-support-tickets/vulnerability/wordpress-contact-forms-live-support-crm-video-messages-plugin-1-10-2-sensitive-data-exposure-vulnerability?_s_id=cve"}], "title": "WordPress Contact Forms, Live Support, CRM, Video Messages plugin <= 1.10.2 - Sensitive Data Exposure vulnerability"}, "adp": [{"affected": [{"vendor": "videowhisper", "product": "contact_forms_live_support_crm_video_messages_plugin", "cpes": ["cpe:2.3:a:videowhisper:contact_forms_live_support_crm_video_messages_plugin:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.10.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-17T19:56:39.012032Z", "id": "CVE-2024-49235", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-17T20:01:17.347Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-49235", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-17T19:56:39.012032Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:videowhisper:contact_forms_live_support_crm_video_messages_plugin:*:*:*:*:*:*:*:*"], "vendor": "videowhisper", "product": "contact_forms_live_support_crm_video_messages_plugin", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.10.2"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-17T20:01:12.422Z"}}], "cna": {"title": "WordPress Contact Forms, Live Support, CRM, Video Messages plugin <= 1.10.2 - Sensitive Data Exposure vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Joshua Chan (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "VideoWhisper.com", "product": "Contact Forms, Live Support, CRM, Video Messages", "versions": [{"status": "affected", "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.10.2"}], "packageName": "live-support-tickets", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "references": [{"url": "https://patchstack.com/database/vulnerability/live-support-tickets/wordpress-contact-forms-live-support-crm-video-messages-plugin-1-10-2-sensitive-data-exposure-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Insertion of Sensitive Information Into Sent Data vulnerability in VideoWhisper.Com Contact Forms, Live Support, CRM, Video Messages allows Retrieve Embedded Sensitive Data.This issue affects Contact Forms, Live Support, CRM, Video Messages: from n/a through 1.10.2.", "supportingMedia": [{"type": "text/html", "value": "Insertion of Sensitive Information Into Sent Data vulnerability in VideoWhisper.Com Contact Forms, Live Support, CRM, Video Messages allows Retrieve Embedded Sensitive Data.<p>This issue affects Contact Forms, Live Support, CRM, Video Messages: from n/a through 1.10.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-201", "description": "CWE-201: Insertion of Sensitive Information Into Sent Data"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-10-17T17:24:17.951Z"}}}, "cveMetadata": {"cveId": "CVE-2024-49235", "state": "PUBLISHED", "dateUpdated": "2024-10-17T20:01:17.347Z", "dateReserved": "2024-10-14T10:39:06.932Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-10-17T17:24:17.951Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Insertion of Sensitive Information Into Sent Data vulnerability in videowhisper Contact Forms, Live Support, CRM, Video Messages live-support-tickets allows Retrieve Embedded Sensitive Data.This issue affects Contact Forms, Live Support, CRM, Video Messages: from n/a through <= 1.10.2."}, {"lang": "es", "value": "La vulnerabilidad de inserci\u00f3n de informaci\u00f3n confidencial en los datos enviados en VideoWhisper.Com Contact Forms, Live Support, CRM, Video Messages permite recuperar datos confidenciales integrados. Este problema afecta a los formularios de contacto, soporte en vivo, CRM y mensajes de video: desde n/a hasta 1.10.2."}], "id": "CVE-2024-49235", "lastModified": "2026-04-15T00:35:42.020", "metrics": {}, "published": "2024-10-17T18:15:10.107", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/live-support-tickets/vulnerability/wordpress-contact-forms-live-support-crm-video-messages-plugin-1-10-2-sensitive-data-exposure-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-201"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}