Security News > 2019 > June > New Flaw in WordPress Live Chat Plugin Lets Hackers Steal and Hijack Sessions

New Flaw in WordPress Live Chat Plugin Lets Hackers Steal and Hijack Sessions
2019-06-11 10:33

Security researchers have been warning about a critical vulnerability they discovered in one of a popular WordPress Live Chat plugin, which, if exploited, could allow unauthorized remote attackers to steal chat logs or manipulate chat sessions. The vulnerability, identified as CVE-2019-12498, resides in the "WP Live Chat Support" that is currently being used by over 50,000 businesses to


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/Y8Olsb1YClg/wordpress-live-chat-plugin.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-03-20 CVE-2019-12498 Missing Authorization vulnerability in 3CX Live Chat
The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism.
network
low complexity
3cx CWE-862
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 95 44 18 159
Plugin 2 0 13 1 0 14