CVE-2019-12498 - Missing Authorization vulnerability in 3CX Live Chat
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
The Hacker News
id | THN:A8FD438EB0C2425F346DDD4C097E4455 |
last seen | 2019-06-11 |
modified | 2019-06-11 |
published | 2019-06-11 |
reporter | The Hacker News |
source | https://thehackernews.com/2019/06/wordpress-live-chat-plugin.html |
title | New Flaw in WordPress Live Chat Plugin Lets Hackers Steal and Hijack Sessions |
References
- https://plugins.trac.wordpress.org/changeset/2098577/wp-live-chat-support/trunk
- https://plugins.trac.wordpress.org/log/wp-live-chat-support/
- https://wordpress.org/plugins/wp-live-chat-support/#developers