A vulnerability in a Facebook chat plugin for WordPress that allows website owners to embed a chat pop-up to communicate in real-time has been found by security researchers at Wordfence’s Threat Intelligence team. If successfully exploited, the vulnerability would allow an attacker to intercept and even alter private messages. An attacker could use this flaw to ruin the reputation of an organization through toxic interactions that could lose revenue and possibly drive business to competitors. With over 80,000 active installations, this flaw has received a 7.4 out of 10 on the CVSS scoring system. The Facebook security team has addressed the issue by releasing version 1.6 of the chat plugin but the update has only been downloaded around 25,000 times, leaving over 54,000 WordPress sites still vulnerable.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in