CVE-2025-30977 is a stored Cross-site Scripting (XSS) vulnerability classified under CWE-79, affecting the Chaport Live Chat WP Live Chat + Chatbots Plugin for WordPress. This vulnerability arises due to improper neutralization of input during web page generation, allowing malicious actors to inject and store arbitrary scripts within the plugin's data handling processes. When a victim visits a page where the malicious script is rendered, the script executes in the context of the victim's browser, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The affected versions include all versions up to 1.1.5. The CVSS v3.1 base score is 5.9, indicating a medium severity level. The vector string (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L) shows that the attack can be performed remotely over the network with low attack complexity but requires high privileges and user interaction, and it impacts confidentiality, integrity, and availability to a limited extent with scope change. No known exploits are currently reported in the wild, and no patches are linked yet. The vulnerability is significant because WordPress plugins are widely used to extend website functionality, and live chat plugins often interact with users in real-time, making them attractive targets for attackers to inject malicious scripts that can compromise both site administrators and visitors.

For European organizations, this vulnerability poses a risk primarily to websites using the Chaport Live Chat plugin on WordPress. Exploitation could lead to unauthorized access to user sessions, leakage of sensitive information, and potential defacement or disruption of services. Given the nature of stored XSS, attackers could target both site administrators and end-users, potentially leading to broader compromise within an organization’s web infrastructure. This can affect customer trust, lead to regulatory non-compliance under GDPR due to data breaches, and cause reputational damage. Organizations relying on this plugin for customer interaction may experience service interruptions or data integrity issues. The requirement for high privileges to exploit somewhat limits the attacker scope but does not eliminate risk, especially if administrative accounts are compromised or if insider threats exist. The scope change in CVSS indicates that the vulnerability could affect components beyond the initially targeted system, potentially impacting other integrated systems or services.

1. Immediate auditing of WordPress sites using the Chaport Live Chat plugin to identify affected versions (up to 1.1.5). 2. Restrict administrative privileges strictly to trusted personnel and enforce strong authentication mechanisms, such as multi-factor authentication, to reduce the risk of privilege misuse. 3. Monitor and sanitize all user inputs rigorously, especially those processed by the live chat plugin, using server-side validation and output encoding to prevent script injection. 4. Implement Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. 5. Regularly review and update all WordPress plugins and core installations to the latest versions once patches for this vulnerability are released. 6. Conduct security awareness training for administrators and users to recognize suspicious activities and avoid interacting with untrusted inputs. 7. Employ web application firewalls (WAF) configured to detect and block common XSS attack patterns targeting the live chat plugin. 8. Establish logging and alerting mechanisms to detect unusual activities related to the plugin, such as unexpected script injections or privilege escalations.