Headline
CVE-2017-18508: 3CX Free Live Chat
The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS.
- Details
- Reviews
- Installation
- Development
Connect with your website visitors for free with the 3CX Live Chat plugin which works with 3CX. With more than 30,000 active installations, 3CX Live Chat is a reliable and tested live chat solution for WordPress. Not just a live chat solution, with 3CX Live Chat you get integrated voice, video & team collaboration features included. Get 3CX free forever, and benefit from:
- Increased sales: connect with website visitors & potential leads in real-time as they browse your website.
- Quicker resolution: switch from chat to call at any point to resolve issues faster via voice.
- Free calls: invite web visitors to contact you via ‘3CX Talk’ links. No dialing of numbers
- Increased collaboration: forward chats & discuss customer issues with your team.
- Never leave a chat unanswered: assign chats to groups, including queue-based group handling of chats.
- Meet over video: connect with visitors over video call or set up video conferences for company wide meetings.
- Work remotely: respond to live chats on the go with included iOS & Android apps.
- One system for all: answer calls, live chats, SMS, Facebook and WhatsApp messages all from the same interface
- Know who’s chatting: identify existing customers and bring up their contact records all from same interface
- Improved productivity: extensive chat and call reports to evaluate agent performance
- Free edition is free forever. No per user per month licensing
Other chat features
- Fully customizable chat box
- Full anonymity for your visitors
- Create custom offline message forms & store messages offline
- Access historical live chat records
- View missed live chats
- Chats sent and received at lightning fast speed via 3CX Live Chat Servers
- Compatible with all caching plugins (live chat window loaded via Ajax)
- Enable/Disable sound when a new live chat message is received
- Ban visitors from chatting to you based on IP Address
- Quick responses (insert a predefined response to your live chat box)
- Customer satisfaction ratings for each chat session
- Add your company logo to the live chat window
- Add your photo to the live chat window
- Include/exclude the live chat from appearing on certain pages
- Choose when to accept chats
Video: How to Set Up 3CX StartUP and Live Chat
Get 3CX
1. Download and install the WordPress Plugin
2. Sign up here for 3CX
3. With the credentials you receive login to the Web Client
4. Go to Office Settings > Voice & Chat > Add Live Chat
5. Customize your live chat bubble
6. Start answering chats or calls from the 3CX Web Client.
Read our guides on
Setting up Live Chat
How do I get 3CX StartUP Free?
3CX StartUP is an easy to setup and manage communications platform that handles live chat as well as calls, video conferencing and team communications. Ideal for small to medium sized businesses. It is available in the cloud and offered for free.
1. Sign up for a 3CX account here
2. Install the WordPress Plugin on your website
3. With the credentials you receive login to the Web Client
4. Go to Office Settings > Voice & Chat > Add Live Chat
5. Copy and paste the 3CX Live Chat URL
Will 3CX Live Chat plugin remain free forever?
Yes! The 3CX Live Chat plugin will remain free forever.
With 3CX StartUP editions you get free live chat limited to 10 users.
With 3CX Dedicated (hosted or self-managed) you get live chat included free for unlimited users.
I am looking for a simple chat. There is a very complicated configuration here. The system asks about some strange settings. This cannot be configured. Lack of Polish, despite the fact that the developer reports that Polish is supported. Waste of time.
Not responsive for Mobile, half the chat is cut off
Even when opting for standalone storage (on your own WP server), this plugin communicates with 3CX servers by WebSockets for real-time operations. And all your confidential data are passed through this channel and come to C3X servers without encryption: visitor informations such as name or email address, and every message you or your visitor can send. The “enable encryption” option within the WP plugin has no effect on it. The data are encrypted in transit (WSS protocol) but can be read on 3CX servers. We find the mention Chat message content is not logged on the “external party services” chapter, but it is very unclear that these external services are used even if you choose the standalone setup. It means for me a major privacy issue, a poor GDPR compliance and, overall, a severe lack of trustability for a solution presented as standalone.
It just stopped working. Unable to connect to the server. No response from the developers or their live chat support.
The concept would be great if it worked. The plug-in is aWays showing agents offline, no matter who or whether using a queue. Offline messages are not sent to anyone and the plug-in can pop up for the greeting but not when you start a chat (opens in a new box). Phone system works great, the chat plug-in is terrible.
It works, but requires much more configurability and separate Mobile and Desktop aspect customizations (position, opacity, size, etc.). Requires also an option to choose windowed mode or embedded for the pop-up chat.
Read all 816 reviews
“3CX Free Live Chat” is open source software. The following people have contributed to this plugin.
Contributors
10.0.6 – 2023-01-03
- 3CX StartUP sign up form
- Show settings page when plugin is activated and not yet configured
10.0.5 – 2022-09-19
- LiveChat UI updated
- Multiple issues fixed
10.0.4 – 2022-06-29
- Fixed 3CX Talk URL – trailing “:” removed when no port specified
10.0.3 – 2022-06-06
- Fixed Callus Issues
- Default Agent’s Photo Changes
10.0.2 – 2022-05-30
- Updated translations
- Added link to 3CX Start Up
10.0.1 – 2022-05-18
- Fixed Optional Caption Issue
10.0.0 – 2022-05-16
- New release with 3CX Start Up support
9.4.3 – 2022-04-28
- Fixed security issue – Thanks to Moucadel Matthieu
- Fixed issue when migrating from old versions – wplc_upgrade_tables_to_utf8mb4 error
- Improved custom bootstrap.css load
9.4.2 – 2022-04-15
- Fixed issue with path inclusion
9.4.1 – 2021-11-03
- Fixed issue on sound notification played even if it is disabled on settings.
- Fixed issue on Operation Hours related to caching.
- Fixed issue on Operating Hours in case that server is configured in +/- time zones more than 5.
- Fixed issue on “New Message” shown when session terminated by the user.
- Fixed issue on “Phone Only” mode in case that “Allow Chat” is disabled on PBX.
9.4.0 – 2021-08-06
- Improved file attachment handling for agent/visitor.
- Fixed Gutenberg block functionality.
- Improved agent’s chat page user interface.
- Improved agent’s chat page to support multiple windows or tabs.
- Added to agent’s chat the capability to watch chat messages before joining.
- Added translations for agent join chat messages.
- Improved quick responses interface on agent’s view.
- Added user’s selected department to agent’s view.
- Removed bootstrap.js library to prevent conflicts.
- Fixed emoji icons overflow on visitors’ chat.
- Fixed default agent’s name on “Standalone – No 3CX” mode.
- Fixed attachment size when agent sent file to visitor.
- Added an option to block IP of a visitor from the agent’s view.
- Reduced callus.js file size.
- Fixed issue on operating hours when cache module is enabled on server.
- Added new feature which allows visitors to make a call before their authorization (3CX mode only)
- Added support for Google Analytics events (first interaction,chat initialized, close chat, offline message submission).
- Fixed conflict with Font Awesome library of other Plugins or Themes.
- Fixed chat history to load the transcript with the correct agent name.
- Fixed chat history to use timezone as it is configured on WordPress general settings.
- Added preview of image attachments on visitor’s chat.
- Visual improvements on user interface.
- Improved error messages when an error occurred when the visitor is sending an attachment.
- Visitor’s chat loading after scroll when on mobile devices to improve Google check rating.
- Fixed remove attachments on deletion without database preservation.
- Fixed datetimes in machines local time at chat history data and exports.
- Added chat state ( minimized ) memory during navigation and page refresh.
- Fixed issue when clicking on chat conversation list more than once.
- Fixed issue with the name of the agent shown on conversations.
- Fixed visual issue on how emojis are shown to the agents.
- Fixed issue when a message with a huge number of characters is sent.
- Fixed date time stamp in case of “Chat session ended”.
- Fixed issue on attaching sequentially attachments with size that takes time to be processed.
- Fixed issue on chat window state preservation in case of navigating on different pages.
9.3.1 – 2021-03-03
- Fixed issue with periodically redirections to chat page when in admin.
9.3.0 – 2021-02-12
- Styling improvements on mobile mode.
- Added the functionality of theme picker on Code-Generator and WordPress plugin.
- Added the option to set the system language.
- Revamped styling/functionality of chat rating on “Standalone – No 3CX” mode.
- Disabled maximize video button on not supported devices.
- Enabled the configuration of text on more functional areas.
- Enabled phone-only mode on Code-Generator.
- Updated to show only the agent’s first name after taking the ownership on 3CX mode.
- Added the support of CDN on Code-Generator.
- Added “New” badge on “Standalone – No 3CX” mode for incoming chats.
- Added the logic to adapt chat messages text color based on background color.
- Enabled the configuration of images on Code-Generator.
- Enabled the option to disable offline functionality on Code-Generator.
- Refreshed translations.
- Security Fixes.
- Fixed issue with typing indicator on 3CX mode.
- Fixed issue with space not working in case that themes/plugins use smooth scrolling.
- Fixed issue with default agent image not being svg.
- Fixed issue with popout configuration for mobile mode.
- Fixed issue with passing parameters on popout window.
- Fixed issue with multisite WordPress installation.
- Fixed issue with special characters on chat window.
- Fixed issue not showing ending message in case that session terminated
- Prevent reloading the popped-out window by clicking on the minimized chat bubble.
- Fixed issue not showing exception in case of a non-valid attachment uploaded by the visitor.
9.2.1 – 2020-12-23
- Adjusted default popout behavior on 3CX mode.
- Fixed “New Message” tab notification to be shown only after the visitor engaged on chat.
- Fixed special characters set on welcome message not shown properly on popout window for 3CX mode.
- Fixed issue of not passing all parameters to the popout window for 3CX mode.
- Security fixes.
9.2.0 – 2020-12-15
- Revamped offline form to be of conversation style.
- Added greeting functionality that can be configured for Online and Offline mode.
- Added indicator on minimized bubble for unread messages.
- Added a variable for the visitor name that can be used for messages, e.g Welcome message.
- Fixed issue with chat not fit on screen when video activated.
- Fixed spacing on “is typing”
- Improved the visual presentation custom fields to the agents on “Standard – No 3CX” mode.
- Fixed issue with flickering screen when switching between conversations
- Adjusted UI to hide the arrow from consecutive conversations when they are coming from the same end.
- Fixed issue with offline form not shown on “Standard – No 3CX” mode when specific times are set on Chat Operating Hours options.
- Fixed issue with hanging in case that offline form failed to submit.
- Fixed issue with agent faulty refresh on “Standard – No 3CX” mode.
- Fixed issue with file attachment send remains hanging on “Standard – No 3CX” mode.
- Fixed issue with chat ended message not being configurable.
- Improved the handling of chats in case of inactivity or missed chats on “Standard – No 3CX” mode.
- Fixed issue of not hiding the minimized bubble in case of Phone Only mode when configuration is not valid or offline.
- Fixed issue with animation repetition on each user action.
- Fixed issue of not properly wrapping date/time inside the chat message box.
- Fixed issue of not resizing properly the chat window on iOS and Safari browser.
- Fixed issue with default visitor name configuration.
- Fixed issue with scrolling on Android devices.
- Fixed issue with chat window in caset that is configured using the percentage.
- Updated incoming chat sound notification.
- Fixed issue with avatar background color not respecting the chat color configuration.
- Fixed issue on plugin editor with “number of chat rings” validation.
- Fixed issues with “is typing” indicator flickering.
- Fixed styling issue on department selection.
- Adjusted status indicator on agents chat conversions for “Standard – No 3CX” mode.
- Added the option to “Ignore Queue ownership” on “3CX” mode.
- Added the ability to configure the profile picture prior taking ownership.
- Improved “Chat Operating Hours” configuration page.
- Fixed drop-downs to be of the same width.
- Added support for Automated first response for “3CX” mode.
9.1.2 – 2020-11-18
- Hot Fix settings validation when on Hosted Mode
9.1.1 – 2020-11-18
- Removed “On premise” mode.
- Removed Popout window chat for “Hosted” mode.
- Privacy policy settings are dynamically rendered based on settings.
- Added functionality to set the default agent’s name which will be displayed before an agent join the chat.
- Changed the available button icons.
- Improved settings validations.
- Fixed operating hours validation excluding validation of not enabled days.
- Added Phone only mode for 3CX PBX integrated mode.
- Improved data exports.
- Added Phone column in offline messages view.
- Added new slide animation when chat is positioned left.
- Fixed ringing on new chat in order to respect the corresponding setting.
- Database tables upgrade to utf8mb4. ( Only 3CX Live Chat plugin’s tables)
- Fixed conflict with other plugins or themes due to jQuery.validation.
- UI fixes and improvements.
- Improved Getting started wizard.
9.1.0 – 2020-10-20
- Added: New chatbox design.
- Improved: Getting started wizard.
- Improved: Default chat settings.
- Improved: Chat pop out mode.
- Removed: Chat tab chatbox style.
- Removed: Emojis
- Removed: “Only Phone”, and “Video and Chat” modes when on 3CX integrated mode.
- Fixed number inputs functionality in settings
- Fixed security vulnerabilities.
- Fixed business hours save issue after upgrade from version 8.x.x
- Fixed WordPress agents automatic redirects to chat page.
- Fixed chat completion flow on server error.
- Fixed html encoded characters on Client chat
9.0.24 – 2020-09-15
- Added phone field in offline message email notification.
- Fix chat client initialization for logged in users.
- UI improvements and responsive fixes.
9.0.23 – 2020-09-11
- Code cleanup.
- Improvement in 3CX Hosted Chat functionality.
9.0.22 – 2020-09-10
- Fix dashboard online visitors / agents update.
- Fix agent’s status report.
- Fix bug in 3CX Hosted Chat socket channel.
9.0.21 – 2020-09-09
- Added chat pop out to new window functionality.
- UI optimization for mobile devices.
9.0.20 – 2020-09-04
- Fix offline message success form. Message loads from settings.
- Fix unicode characters support in tools view .
- CSS improvements
- Support page new design.
- Improved 3CX Hosted Chat.
9.0.19 – 2020-09-01
- Fix Gravatar url constuction.
- Fix agent’s set online top bar button functionality.
- Fix PHP warnings on empty fields.
9.0.18 – 2020-08-31
- Getting started wizard new design.
- Fix auto redirects to chat page on admin.
- Fix offline form validation.
9.0.17 – 2020-08-11
- Dashboard page new design.
- Agent chat page new design.
- Visitor’s chat new design.
- Fix Visitor’s chat display names after refresh page.
9.0.16 – 2020-08-10
- Fix default transcript email template.
- Fix offline email notification.
- Fix Set online top bar checkbox.
9.0.15 – 2020-08-06
- Fix broken “Getting Started” wizard.
- Fix blank settings page issue.
9.0.14 – 2020-08-05
- Added WordPress 5.5 compatibility fixes.
- Fix multiple chat listings after chat server disconnection.
9.0.13 – 2020-08-03
- Fix bug on visitors’ chat initialization.
9.0.12 – 2020-07-31
- Fix utf8 encoding on settings json.
9.0.11 – 2020-07-30
- Fix error on update plugin process.
9.0.10 – 2020-07-29
- Fix mixed content issues on visitors’ chat.
9.0.9 – 2020-07-29
- Fix avatar broken image.
- Added chat notifications ringtone and browser notification when not live chat window is active ( available only with 3CX servers usage ).
- Added font, isolated from external css, on visitor’s chat.
- Fix offline message bug on 3CX PBX Integration mode.
- Added support of setting up texts in settings on 3CX PBX Integration mode.
9.0.8 – 2020-07-28
- Fix bug on display business hours.
- Added message on agent’s chat view when chat is offline due to business hours settings.
- Fix bug on agent’s chats list with broken image link.
- Fix chat notifications ringtone and browser notification.
9.0.6 – 2020-07-27
- Fix bug which appears when visitor had multiple active tabs with active chat.
- Fix bug “TcxFa is not defined” on websites front end.
- Fix broken image after remove logo in settings.
- Fix display of pages without title in settings lists.
- Fix “Current activity” counter on dashboard.
- Improved 3CX Chat server functionality.
9.0.5 – 2020-07-22
- Fix bug responsible for faulty roles migration from older version.
- Fix chat list rendering on agent online – offline toggle.
9.0.4 – 2020-07-21
- Fix UTF8 characters on settings.
- Fix bug on ajax calls due to trailing slash.
- Fix bug on received files load on chat client.
- Added missing functions prefix to isolate them from external calls.
9.0.3 – 2020-07-20
- Fix font-awesome icons conflict with other themes and/or plugins.
- Fix bug which creates interferences in post pages with checkboxes.
- Fix broken font-family on chat client.
9.0.2 – 2020-07-17
- Fix validation error texts.
- Fix activation process after update from old version.
9.0.1 – 2020-07-17
- Fix warning about PHP constants for PHP versions older than 5.6
- Changed default chat height to 50% from 70%
9.0.0 – 2020-07-17
- Full plugin refactor with NEW component based software architecture.
- Added new 3CX cloud chat servers integration.
- Added new feature for integration with 3CX PBX.
- Added new first time usage “Getting start” wizard.
- Added validations and conflicts checks in the plugin’s settings.
- New chat client for visitors developed with Vue js web component.
- New agent chat interface unified for both on-Premise and 3CX cloud chat servers.
- Tools, Webhooks, Departments and Custom fields management moved under new section.
- New improved setup process for business hours.
- New improved setup process for page base settings like “Excluded chat pages”.
- New chat server for on-premise installations with significantly reduced ajax requests quantity and footprint.
- Missed chats and History moved to new section Chat History with search functionality.
- Removed GDPR search functionality.
- Removed Triggers functionality.
- Removed all actions and filters.
- Removed ready to use themes functionality.
8.2.0 – 2020-07-11
- Fixed VULN: Fixed XSS vulnerability within quick responses in agent chat.
- Fixed VULN: Fixed XSS vulnerability within posts and pages render in agent direct to page modal.
8.1.9 – 2020-06-09
- Bugfix: Fixed chat icon url on admin.
- Bugfix: Custom theme colors.
8.1.8 – 2020-05-28
- Bugfix: Offline messages delete not worked
- Bugfix: Load bootstrap js sourcemap failed
- Bugfix: Urls Fixed for linux compatibility
8.1.7 – 2020-02-05
- Bugfix: added some missing translation strings
- Bugfix: HTML email body in auto responder not parsed correctly
- Improvement: added “Debug mode”, extra logs added to PHP error log
- Improvement: reduced ajax requests footprint, removing unneeded fields
- Improvement: added confirmation for history delete
8.1.6 – 2020-01-16
- Bugfix: more optimizations to avoid lots of 403 errors when PHP session expires
- Bugfix: custom style color picker adds an extra # breaking color code
- Improvement: improved performance in some timed events