Select Page

Security researchers have been warning about a critical vulnerability they discovered in one of a popular WordPress Live Chat plugin, which, if exploited, could allow unauthorised remote attackers to steal chat logs or manipulate chat sessions.

The vulnerability, identified as CVE-2019-12498, resides in the “WP Live Chat Support” that is currently being used by over 50,000 businesses to provide customer support and chat with visitors through their websites.

Discovered by cybersecurity researchers at Alert Logic, the flaw originates because of an improper validation check for authentication that apparently could allow unauthenticated users to access restricted REST API endpoints.

images from Hacker News