Critical severity is coming to Acunetix Standard & Premium. Find out more on our blog.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin Live Chat-Live support Cross-Site Request Forgery (3.1.0)

Description

WordPress Plugin Live Chat-Live support is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin Live Chat-Live support version 3.1.0 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.2.0 or latest

References

https://jvn.jp/en/jp/JVN92404841/index.html

https://plugins.svn.wordpress.org/onwebchat/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin Affiliates Manager Multiple Vulnerabilities (2.9.13)

WordPress Plugin WP to Twitter Cross-Site Request Forgery (3.2.9)

WordPress Plugin Jayj Quicktag Multiple Vulnerabilities (1.3.1)

WordPress Plugin Auctions 'upload.php' Arbitrary File Upload (2.0.1.3)

WordPress Plugin WooCommerce Product Feed for Google, Facebook, eBay and Many More Security Bypass (2.2.26)

Severity

High

Classification

CVE-2020-5642 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tags

Missing Update CSRF