
Vulnerability in WordPress Live Chat Plugin allows attackers to steal and hijack sessions

June 12, 2019

Experts at Alert Logic have discovered a vulnerability in the popular WordPress Live Chat plugin that could be exploited by an unauthorized remote attacker to steal chat logs or manipulate chat sessions.

The vulnerability, tracked as CVE-2019-12498, is a critical authentication bypass issue (CWE-287 / OWASP Top 10: A2:2017-Broken Authentication) that affects version 8.0.32 and earlier of the plugin.

The vulnerability is caused by an improper validation check for authentication; an attacker can trigger it to access restricted REST API endpoints.

Read More on Security Affairs