WP Live Chat Support Pro - File Upload Bypass



Description
Note: The free and pro version have been merged in WP Live Chat Support 8.0.27

Affects Plugin

fixed in version 8.0.32

References

CVE 2019-11185
URL https://blog.alertlogic.com/alert-logic-uncovers-new-vulnerability-in-wordpress-wp-live-chat-cve-2019-11185/
URL https://threatpost.com/wp-live-chat-wordpress-plugin-re-patches-file-upload-flaw/144420/

Classification

Type UPLOAD
CWE CWE-434

Miscellaneous

Original Researcher Alert logic
Submitter Ryan Dewhurst
Submitter Website https://wpscan.io
Submitter Twitter ethicalhack3r
Views 3993
Verified No
WPVDB ID 9320

Timeline

Publicly Published 2019-05-07 (3 months ago)
Added 2019-05-29 (3 months ago)
Last Updated 2019-05-29 (3 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin