Vulnerability  ·  2026-06-17

Chatway Live Chat AI Chatbot — Subscriber Sensitive Data Exposure (CVE-2026-49082)

Vulnerability · Medium impact · Global · CVE-2026-49082
CVE-2026-49082 (CVSS 7.4 HIGH) published 2026-06-15. The Chatway Live Chat plugin for WordPress in versions ≤ 1.4.8 exposes sensitive data (chat logs, visitor information, or API credentials) to subscriber-level users who should not have access.
AI chatbot plugins aggregate visitor conversations and may store provider API keys. Sensitive data exposure to low-privilege users risks leaking private user interactions and LLM API credentials.
An authenticated user with only subscriber-level privileges can access sensitive data that the Chatway Live Chat AI chatbot plugin exposes without proper access control.
Chatway Live Chat WordPress plugin ≤ 1.4.8
Update the Chatway Live Chat plugin to a version later than 1.4.8. Patchstack advisory: https://patchstack.com/database/wordpress/plugin/chatway-live-chat/vulnerability/wordpress-chatway-live-chat-ai-chatbot-customer-support-faq-helpdesk-customer-service-chat-buttons-plugin-1-4-8-sensitive-data-exposure-vulnerability
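To find installs that still fall in the affected range, the following added example (not part of the advisory or the plugin's own code) reads the plugin's `Version:` header on disk and compares it against 1.4.8. It assumes the default `wp-content/plugins/` layout and the `chatway-live-chat` slug from the advisory URL; the function names are illustrative.

```python
import re
import sys
from pathlib import Path

PLUGIN_SLUG = "chatway-live-chat"  # slug as it appears in the Patchstack advisory URL
LAST_AFFECTED = "1.4.8"            # advisory: versions <= 1.4.8 are affected
# Assumption: default layout, plugins live under <wp_root>/wp-content/plugins/.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def version_key(version):
    """'1.4.8' -> (1, 4, 8); suffixes like '-beta' are dropped, trailing zeros ignored."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def is_affected(version):
    return version_key(version) <= version_key(LAST_AFFECTED)


def read_version(plugin_dir):
    """Read the Version: header from the plugin's main PHP file, if any."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        # WordPress itself only looks at the first 8 KB for header fields.
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        match = HEADER_RE.search(head)
        if "Plugin Name:" in head and match:
            return match.group(1)
    return None


def audit(wp_root):
    """Return (status, version); status is absent, unknown, affected or not affected."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return "absent", None
    version = read_version(plugin_dir)
    if version is None:
        return "unknown", None
    return ("affected" if is_affected(version) else "not affected"), version


if __name__ == "__main__":
    for root in sys.argv[1:]:  # pass one or more WordPress document roots
        status, version = audit(root)
        print(f"{root}: {PLUGIN_SLUG} {status}" + (f" (version {version})" if version else ""))
```

An `unknown` result means the plugin directory exists but no readable header was found, so that install needs a manual check.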
Sources
Patchstack Advisory — Chatway Sensitive Data Exposure
NVD CVE-2026-49082