CVE-2021-24914
The CVE-2021-24914 entry concerns the WordPress Tawk.To Live Chat plugin prior to version 0.6.0. The vulnerability is due to missing capability and CSRF checks in the tawkto_setwidget and tawkto_removewidget AJAX actions, exposing them to any authenticated user. This allows low-privileged users (...