Cross-site Scripting Vulnerability in WP Live Chat Plugin Let Hackers to Inject Malicious JavaScript Payloads


WP Live Chat

An Unauthenticated Persistent Cross-Site Scripting vulnerability in WP Live Chat Support WordPress plugin allows hackers to inject malicious JavaScript payloads in the vulnerable website.

More than 60,000+ users used the plugin, it allows web admins to chat with visitors for free. An attacker can exploit the vulnerability in the plugin without having an account in the vulnerable site.

Sucuri discovered the vulnerability in WP Live Chat plugin during their routine research audits, the existence of live exploits for this vulnerability remains unknown.

Read more…