Vulnerabilities > CVE-2019-12498 - Missing Authorization vulnerability in 3CX Live Chat

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

3cx

CWE-862

NVD

Published: 2020-03-20

Updated: 2021-08-12

Summary

The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism.

Vulnerable Configurations

Part	Description	Count
Application	3Cx 3CX Live Chat - 3CX Live Chat 1.0 3CX Live Chat 2.0 3CX Live Chat 2.1 3CX Live Chat 2.2 3CX Live Chat 2.3 3CX Live Chat 2.4 3CX Live Chat 2.5 3CX Live Chat 2.6 3CX Live Chat 2.7 3CX Live Chat 2.8 3CX Live Chat 2.9 3CX Live Chat 2.10 3CX Live Chat 3.0 3CX Live Chat 3.01 3CX Live Chat 3.02 3CX Live Chat 3.03 3CX Live Chat 3.04 3CX Live Chat 3.05 3CX Live Chat 3.06 3CX Live Chat 3.07 3CX Live Chat 3.08 3CX Live Chat 4.0 3CX Live Chat 4.0.0 3CX Live Chat 4.0.1 3CX Live Chat 4.0.2 3CX Live Chat 4.1.0 3CX Live Chat 4.1.1 3CX Live Chat 4.1.2 3CX Live Chat 4.1.3 3CX Live Chat 4.1.4 3CX Live Chat 4.1.5 3CX Live Chat 4.1.6 3CX Live Chat 4.1.7 3CX Live Chat 4.1.8 3CX Live Chat 4.1.9 3CX Live Chat 4.1.10 3CX Live Chat 4.2.0 3CX Live Chat 4.2.1 3CX Live Chat 4.2.2 3CX Live Chat 4.2.3 3CX Live Chat 4.2.4 3CX Live Chat 4.2.5 3CX Live Chat 4.2.6 3CX Live Chat 4.2.7 3CX Live Chat 4.2.8 3CX Live Chat 4.2.9 3CX Live Chat 4.2.10 3CX Live Chat 4.2.11 3CX Live Chat 4.2.12 3CX Live Chat 4.3.0 3CX Live Chat 4.3.1 3CX Live Chat 4.3.2 3CX Live Chat 4.3.3 3CX Live Chat 4.3.4 3CX Live Chat 4.3.5 3CX Live Chat 4.4.0 3CX Live Chat 4.4.1 3CX Live Chat 4.4.2 3CX Live Chat 4.4.3 3CX Live Chat 4.4.4 3CX Live Chat 5.0.0 3CX Live Chat 5.0.1 3CX Live Chat 5.0.2 3CX Live Chat 5.0.3 3CX Live Chat 5.0.4 3CX Live Chat 5.0.5 3CX Live Chat 5.0.6 3CX Live Chat 5.0.7 3CX Live Chat 5.0.8 3CX Live Chat 5.0.9 3CX Live Chat 5.0.10 3CX Live Chat 5.0.11 3CX Live Chat 5.0.12 3CX Live Chat 5.0.13 3CX Live Chat 5.0.14 3CX Live Chat 6.0.00 3CX Live Chat 6.0.01 3CX Live Chat 6.0.02 3CX Live Chat 6.0.03 3CX Live Chat 6.0.04 3CX Live Chat 6.0.05 3CX Live Chat 6.0.06 3CX Live Chat 6.0.07 3CX Live Chat 6.1.00 3CX Live Chat 6.1.01 3CX Live Chat 6.1.02 3CX Live Chat 6.2.00 3CX Live Chat 6.2.01 3CX Live Chat 6.2.02 3CX Live Chat 6.2.03 3CX Live Chat 6.2.04 3CX Live Chat 6.2.05 3CX Live Chat 6.2.06 3CX Live Chat 6.2.07 3CX Live Chat 6.2.08 3CX Live Chat 6.2.09 3CX Live Chat 6.2.10 3CX Live Chat 6.2.11 3CX Live Chat 7.0.00 3CX Live Chat 7.0.01 3CX Live Chat 7.0.02 3CX Live Chat 7.0.03 3CX Live Chat 7.0.04 3CX Live Chat 7.0.05 3CX Live Chat 7.0.06 3CX Live Chat 7.0.07 3CX Live Chat 7.0.08 3CX Live Chat 7.1.00 3CX Live Chat 7.1.01 3CX Live Chat 7.1.02 3CX Live Chat 7.1.03 3CX Live Chat 7.1.04 3CX Live Chat 7.1.05 3CX Live Chat 7.1.06 3CX Live Chat 7.1.07 3CX Live Chat 7.1.08 3CX Live Chat 8.0.00 3CX Live Chat 8.0.01 3CX Live Chat 8.0.02 3CX Live Chat 8.0.03 3CX Live Chat 8.0.04 3CX Live Chat 8.0.05 3CX Live Chat 8.0.06 3CX Live Chat 8.0.07 3CX Live Chat 8.0.08 3CX Live Chat 8.0.09 3CX Live Chat 8.0.11 3CX Live Chat 8.0.12 3CX Live Chat 8.0.13 3CX Live Chat 8.0.14 3CX Live Chat 8.0.15 3CX Live Chat 8.0.16 3CX Live Chat 8.0.17 3CX Live Chat 8.0.18 3CX Live Chat 8.0.19 3CX Live Chat 8.0.20 3CX Live Chat 8.0.21 3CX Live Chat 8.0.22 3CX Live Chat 8.0.23 3CX Live Chat 8.0.24 3CX Live Chat 8.0.25 3CX Live Chat 8.0.26 3CX Live Chat 8.0.27 3CX Live Chat 8.0.28 3CX Live Chat 8.0.29 3CX Live Chat 8.0.30 3CX Live Chat 8.0.31 3CX Live Chat 8.0.32	149

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

The Hacker News

id	THN:A8FD438EB0C2425F346DDD4C097E4455
last seen	2019-06-11
modified	2019-06-11
published	2019-06-11
reporter	The Hacker News
source	https://thehackernews.com/2019/06/wordpress-live-chat-plugin.html
title	New Flaw in WordPress Live Chat Plugin Lets Hackers Steal and Hijack Sessions

Vulnerabilities > CVE-2019-12498 - Missing Authorization vulnerability in 3CX Live Chat

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

The Hacker News

Related news

References