WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Live Chat - Live support < 3.2.0 - Cross-Site Request Forgery

Description

The plugin was affected by a Cross-Site Request Forgery issue, which may allow attackers to change some of the settings. It also appears that some Authenticated Cross-Site Scripting issues have been fixed, which could be used along with the CSRF to perform Stored XSS attacks.

Affects Plugins

onwebchat
Fixed in version 3.2.0

References

CVE
CVE-2020-5642
URL
https://plugins.trac.wordpress.org/changeset?new=2386845%40onwebchat&old=2364589%40onwebchat

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Original Researcher

Yusuke Fukuda

Verified

No

WPVDB ID
cafba321-bb48-44dd-9497-074707398f61

Timeline

Publicly Published

2020-10-14 (about 2 years ago)

Added

2020-10-14 (about 2 years ago)

Last Updated

2020-10-15 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin