Security News > 2019 > June > New Flaw in WordPress Live Chat Plugin Lets Hackers Steal and Hijack Sessions
2019-06-11 10:33
Security researchers have been warning about a critical vulnerability they discovered in one of a popular WordPress Live Chat plugin, which, if exploited, could allow unauthorized remote attackers to steal chat logs or manipulate chat sessions. The vulnerability, identified as CVE-2019-12498, resides in the "WP Live Chat Support" that is currently being used by over 50,000 businesses to
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/Y8Olsb1YClg/wordpress-live-chat-plugin.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-20 | CVE-2019-12498 | Missing Authorization vulnerability in 3CX Live Chat The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism. | 9.8 |