Researchers have issued a warning for users of the WordPress Live Chat plugin. This flaw, if exploited could allow attackers to hijack the chat session to watch it or steal information. The flaw originates from the improper validation check for authentication that could potentially allow an unauthorized user to access private chats. The WordPress Live Chat plugin is stated to be used by over 50,000 businesses to provide customer support and chat with consumers through their websites. A potential attacker using this vulnerability could access and steal, modify or delete chat history, inject messages, impersonate a customer service agent or force close the chat as part of a denial of service (DoS) attack. The issue affects all Word Press users that are still using WP Live Chat Support version 8.0.32 or earlier. Researchers reported the issue to WordPress and WordPress immediately released an updated and patched version of their plugin.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security