PhoneSpeck Press Release

Tuesday, June 11, 2019

WP Live Chat plugin vulnerability gives hackers ability to manipulate chat sessions


The WP Live Chat plugin for WordPress suffers from a critical vulnerability that allows hackers to gain unauthorized access to chat sessions without valid credentials. The new vulnerability was discovered by security researchers at Alert Logic.

The affected versions of the live chat plugin are 8.0.32 and earlier; the software developers have released an updated version, 8.0.33, to fix the bug. The bug has been identified as CVE-2019-12498, according to Alert Logic.

The bug enables hackers to hijack chat logs and REST API functionality, which means that an attacker was able to insert their own text into an active chat window, which could expose highly sensitive data communicated between a customer representative and a site visitor.

It has not been confirmed whether attackers actively exploited the software, said Alert Logic. The researchers further stated that an attacker was able to extract the entire chat history of all chat sessions.

As for the live chat plugin itself, it is widely used software installed on more than 50,000 WordPress websites to provide on-site chat support for business owners. The plugin in question is primarily used to handle customer requests and feedback.
