Wordpress live chat plugin suffers a critical vulnerability that allows hackers to gain unauthorized access to chat sessions without valid credentials. The new vulnerability was discovered by security researchers at Alert Logic.
The affected live chat bearing version number was 8.0.32 and earlier, however, the software developers has released an updated version 8.0.33 to fix the bug. The bug has been identified as CVE-2019-12498, according to Alert Logic.
Undiscovered bugs enable hackers to hijack chat logs and REST API functionality, which means that an attacker was able to insert their own text into an active chat window that could expose highly sensitive data communicated between a customer representative and a site visitor.
It has not been confirmed whether the attacker actively exploited the software, said Alert Logic. The researchers further stated that attacker was able to extract the entire chat history of all chat sessions.
Now moving around live chat plugin - Chatting plugin is a widely used software installed by more than 50,000 Wordpress websites to provide on-site chat support for business owners. The plugin in question is primarily used to handle customer requests and feedback.
FOLLOW THE PhoneSpeck AT TWITTER TO GET THE LATEST TECHNOLOGICAL UPDATE
Follow PhoneSpeck on Instagram to get the latest technological updates
Follow our Instagram