{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/chat-help/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-15291"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Chat Help – Click to Chat Button \u0026 Form plugin for WordPress (\u003c 3.1.4)"],"_cs_severities":["high"],"_cs_tags":["wordpress","plugin","information-disclosure","rest-api","cve"],"_cs_type":"advisory","_cs_vendors":["Chat Help"],"content_html":"\u003cp\u003eUnauthenticated attackers can exploit CVE-2026-15291, a critical sensitive information exposure vulnerability in the \u0026quot;Chat Help - Click to Chat Button \u0026amp; Form\u0026quot; plugin for WordPress. All versions up to and including 3.1.3 are affected. The flaw stems from the plugin's REST API endpoints, specifically \u003ccode\u003e/wp-json/chat-help/v1/leads\u003c/code\u003e and \u003ccode\u003e/wp-json/chat-help/v1/leads/{id}\u003c/code\u003e, which lack essential authentication and authorization checks. This oversight allows anyone to directly query these endpoints and retrieve a wealth of sensitive data. This includes customer names, email addresses, phone numbers, WhatsApp messages, comprehensive geolocation data (IP addresses, city, country, ISP, coordinates), device fingerprinting information (browser, OS, screen resolution), and even WordPress account credentials (user IDs, usernames, emails, names) belonging to logged-in users who have interacted with the forms. This vulnerability poses a significant risk to user privacy and could facilitate further targeted attacks.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a target WordPress website utilizing the vulnerable \u0026quot;Chat Help - Click to Chat Button \u0026amp; Form\u0026quot; plugin (versions 3.1.3 or earlier).\u003c/li\u003e\n\u003cli\u003eThe attacker, unauthenticated, crafts an HTTP GET request to the publicly exposed REST API endpoint \u003ccode\u003e/wp-json/chat-help/v1/leads\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eDue to the absence of authentication and authorization mechanisms, the vulnerable plugin processes the request without validating the attacker's identity or permissions.\u003c/li\u003e\n\u003cli\u003eThe plugin queries its internal database for all stored \u0026quot;lead\u0026quot; records, which contain sensitive user interactions and data.\u003c/li\u003e\n\u003cli\u003eThe plugin generates a JSON response containing comprehensive data for all leads, including customer names, email addresses, phone numbers, and WhatsApp messages.\u003c/li\u003e\n\u003cli\u003eThe attacker receives this JSON response, gaining access to a wide array of personal identifiable information.\u003c/li\u003e\n\u003cli\u003eThe response also includes detailed geolocation data such as IP addresses, city, country, ISP, and geographic coordinates for each lead.\u003c/li\u003e\n\u003cli\u003eFurthermore, the attacker can extract device fingerprinting information (browser, OS, screen resolution) and WordPress account credentials (user IDs, usernames, emails) associated with users who submitted forms.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-15291 leads to a severe breach of personal and sensitive information for all individuals who have interacted with the Chat Help plugin's forms. This directly compromises user privacy and trust. The exposed data, including email addresses, phone numbers, geolocation, and even WordPress account details, can be leveraged for highly targeted phishing campaigns, spam, identity theft, or credential stuffing attacks against other services. While no specific victim count is available, any organization using the affected plugin on their WordPress site is at risk of exposing their customer and visitor data. Businesses handling customer inquiries, support, or marketing via these forms are particularly vulnerable.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately update the \u0026quot;Chat Help - Click to Chat Button \u0026amp; Form\u0026quot; plugin to a patched version (3.1.4 or higher) to remediate \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-15291\"\u003eCVE-2026-15291\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to your SIEM to detect suspicious access attempts to the exposed REST API endpoints.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for your WordPress instance for unusual or excessive GET requests to \u003ccode\u003e/wp-json/chat-help/v1/leads\u003c/code\u003e or \u003ccode\u003e/wp-json/chat-help/v1/leads/{id}\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eImplement strong authentication and authorization best practices for all public-facing APIs on your web applications.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-10T05:21:53Z","date_published":"2026-07-10T05:21:53Z","id":"https://feed.craftedsignal.io/briefs/2026-07-wordpress-chat-help-info-exposure/","summary":"Unauthenticated attackers can exploit CVE-2026-15291, a vulnerability in the Chat Help - Click to Chat Button \u0026 Form WordPress plugin (versions up to and including 3.1.3), due to a lack of authentication and authorization checks on specific REST API endpoints (/wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/{id}), allowing them to extract sensitive user data, including names, email addresses, phone numbers, WhatsApp messages, complete geolocation data, device fingerprinting, and WordPress account credentials for logged-in users who submitted forms.","title":"CVE-2026-15291: WordPress Chat Help Plugin Sensitive Information Exposure","url":"https://feed.craftedsignal.io/briefs/2026-07-wordpress-chat-help-info-exposure/"}],"language":"en","title":"CraftedSignal Threat Feed - Chat Help","version":"https://jsonfeed.org/version/1.1"}