New Flaw in WordPress Live Chat Plugin Lets Hackers Steal and Hijack Sessions

2019-06-11 10:33

Security researchers have been warning about a critical vulnerability they discovered in one of a popular WordPress Live Chat plugin, which, if exploited, could allow unauthorized remote attackers to steal chat logs or manipulate chat sessions. The vulnerability, identified as CVE-2019-12498, resides in the "WP Live Chat Support" that is currently being used by over 50,000 businesses to

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/Y8Olsb1YClg/wordpress-live-chat-plugin.html

#chat #hacker #wordpress #CVE-2019-12498

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2020-03-20	CVE-2019-12498	Missing Authorization vulnerability in 3CX Live Chat The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism. network low complexity 3cx CWE-862 critical	9.8

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Wordpress		7	2	95	44	18	159
Plugin		2	0	13	1	0	14

News URL

Related news

Related Vulnerability

Related vendor