7.5
CVSSv2

CVE-2019-12498

Published: 20/03/2020 Updated: 24/03/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The WP Live Chat Support plugin prior to 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism.

Vulnerability Trend

Recent Articles

WordPress Chat Plugin Bug Lets Hackers Inject Text, Steal Logs
BleepingComputer • Sergiu Gatlan • 10 Jun 2019

Admins of websites with WP Live Chat Support for Wordpress installations should immediately update the plugin to version 8.0.33 or later to patch a critical authentication bypass which can be exploited by attackers without valid credentials.
This Wordpress plugin currently has an installation base of over 50,000 websites and it is designed to provide a free live chat that makes it possible to get in touch with website visitors to provide live support.
As discovered by Alert L...