4 matches found
CVE-2019-12498
The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplcapipermissioncheck protection mechanism...
CVE-2019-12498
The CVE-2019-12498 entry affects the WordPress WP Live Chat Support plugin, where versions prior to 8.0.33 allow unauthenticated REST API access because the wplc_api_permission_check protection is not invoked. Public sources (NVD, Red Hat, CVE lists) describe this as an API-authentication bypass ...
New Flaw in WordPress Live Chat Plugin Lets Hackers Steal and Hijack Sessions
Security researchers have been warning about a critical vulnerability they discovered in one of a popular WordPress Live Chat plugin, which, if exploited, could allow unauthorized remote attackers to steal chat logs or manipulate chat sessions. The vulnerability, identified as CVE-2019-12498,...
New Flaw in WordPress Live Chat Plugin Lets Hackers Steal and Hijack Sessions
Security researchers have been warning about a critical vulnerability they discovered in one of a popular WordPress Live Chat plugin, which, if exploited, could allow unauthorized remote attackers to steal chat logs or manipulate chat sessions. The vulnerability, identified as CVE-2019-12498,...