WP Live Chat Support < 8.0.33 - Missing Permission Checks on some REST API Calls



Description
"The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism."

Affects Plugin

fixed in version 8.0.33

References

CVE 2019-12498

Classification

Type PRIVESC
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-269

Miscellaneous

Original Researcher Jonny Milliken (Active Intelligence)
Views 831
Verified No
WPVDB ID 10140

Timeline

Publicly Published 2019-05-31 (about 1 year ago)
Added 2020-03-21 (4 months ago)
Last Updated 2020-03-22 (4 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin