Threat Post

WordPress WP Live Chat Support Plugin Fixes XSS Flaw

A cross-site scripting flaw in a popular WordPress plugin enables an unauthenticated attacker to insert JavaScript payloads into impacted websites. For the second time this month a patch has been ...
Bleeping Computer

WordPress Chat Plugin Bug Lets Hackers Inject Text, Steal Logs

Admins of websites with WP Live Chat Support for Wordpress installations should immediately update the plugin to version 8.0.33 or later to patch a critical authentication bypass which can be ...
Bleeping Computer

Bug in WordPress Live Chat Plugin Lets Hackers Inject Scripts

Site admins using WP Live Chat Support for Wordpress are advised to update the plugin to the latest version to close a persistent cross-site scripting (XSS) vulnerability that can be abused without ...
TechRadar

Critical flaw in WordPress live chat discovered

Security researchers have discovered a critical flaw in WordPress Live Chat Support which can be exploited by an attacker without the need for valid credentials. Over 50,000 websites have installed ...