WordPress Live Chat Plugin Hacked

Security researchers have warned of a critical vulnerability in a popular WordPress live chat plugin that, if exploited, could allow unauthorized remote attackers to steal chat logs or manipulate chat sessions.

The vulnerability, tracked as CVE-2019-12498, lies in "WP Live Chat Support", a plugin that more than 50,000 companies currently use to provide customer support and chat with visitors through their websites.

Discovered by Alert Logic's cybersecurity researchers, the flaw stems from an improper authentication check that apparently allows unauthenticated users to access restricted REST API endpoints.
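The class of flaw described above, shown as an added illustration that is not the plugin's actual code: a WordPress REST route whose permission callback authenticates nobody, beside a hardened route. The `example-chat/v1` namespace, the route paths, the option key and the function names are hypothetical.

```php
<?php
// Added illustration, not code from WP Live Chat Support.
// The namespace, routes, option key and function names are hypothetical.
add_action( 'rest_api_init', function () {
    // WEAK: the permission callback approves every caller, so a request
    // carrying no credentials at all reaches the handler.
    register_rest_route( 'example-chat/v1', '/history-weak/(?P<chat_id>\d+)', array(
        'methods'             => 'GET',
        'callback'            => 'example_chat_get_history',
        'permission_callback' => '__return_true',
    ) );

    // HARDENED: the handler only runs after the caller is shown to be a
    // logged-in user holding the required capability.
    register_rest_route( 'example-chat/v1', '/history/(?P<chat_id>\d+)', array(
        'methods'             => 'GET',
        'callback'            => 'example_chat_get_history',
        'permission_callback' => 'example_chat_require_agent',
    ) );
} );

// Permission check: deny by default, allow only an authorised user.
// With cookie authentication WordPress treats the request as anonymous
// unless a valid REST nonce (X-WP-Nonce header) accompanies it, so
// is_user_logged_in() is false for forged cross-site requests as well.
function example_chat_require_agent( WP_REST_Request $request ) {
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'rest_forbidden', 'Authentication required.', array( 'status' => 401 ) );
    }
    // 'manage_options' stands in for whatever capability support agents hold.
    if ( ! current_user_can( 'manage_options' ) ) {
        return new WP_Error( 'rest_forbidden', 'Insufficient permissions.', array( 'status' => 403 ) );
    }
    return true;
}

// Handler shared by both routes: returns the stored messages of one chat.
function example_chat_get_history( WP_REST_Request $request ) {
    $chat_id  = absint( $request->get_param( 'chat_id' ) );
    $messages = get_option( 'example_chat_history_' . $chat_id, array() );
    return rest_ensure_response( array(
        'chat_id'  => $chat_id,
        'messages' => $messages,
    ) );
}
```

When auditing a plugin, every `register_rest_route()` call that reads or changes private data should point at a `permission_callback` that can actually return an error for an anonymous caller.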


As the researchers have outlined, a remote attacker could use the exposed endpoints for malicious purposes, including:

  • Stealing the entire chat history for all chat sessions,
  • Modifying or deleting the chat history,
  • Injecting messages into an active chat session, posing as a customer support agent,
  • Forcefully ending active chat sessions as part of a denial of service (DoS) attack.


The problem affects all WordPress websites, as well as their customers, that still use WP Live Chat Support version 8.0.32 or earlier to provide live support.

The researchers responsibly disclosed the problem to the maintainers of the affected WordPress plugin, who acted promptly and published an updated, patched version of the plugin just last week.


Although researchers have not yet seen any active exploitation of the flaw in the wild, WordPress administrators are strongly advised to install the latest version of the plugin as soon as possible.

So guys, if you find this article helpful, then please share it with your friends too.
