Understanding and Defending Against CVE-2026-15291: Sensitive Information Exposure in Chat Help Plugin
The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure due to missing authentication and authorization checks in its REST API endpoints. This allows unauthenticated attackers to extract sensitive data, including customer information and WordPress account credentials. The vulnerability has a CVSS score of 7.5 and affects all versions up to 3.1.3.