Vulnerabilities > CVE-2019-12498 - Missing Authorization vulnerability in 3CX Live Chat

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
3cx
CWE-862

Summary

The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism.

Vulnerable Configurations

Part Description Count
Application
3Cx
149

Common Weakness Enumeration (CWE)

The Hacker News

idTHN:A8FD438EB0C2425F346DDD4C097E4455
last seen2019-06-11
modified2019-06-11
published2019-06-11
reporterThe Hacker News
sourcehttps://thehackernews.com/2019/06/wordpress-live-chat-plugin.html
titleNew Flaw in WordPress Live Chat Plugin Lets Hackers Steal and Hijack Sessions