WordPress Plugin Vulnerabilities

Live Chat - Live support < 3.2.0 - Cross-Site Request Forgery

Description

The plugin was affected by a Cross-Site Request Forgery issue, which may allow attackers to change some of the settings. It also appears that some Authenticated Cross-Site Scripting issues have been fixed, which could be used along with the CSRF to perform Stored XSS attacks.

Affects Plugins

Plugin icon
onwebchat
Fixed in 3.2.0

References

CVE
CVE-2020-5642
URL
https://plugins.trac.wordpress.org/changeset?new=2386845%40onwebchat&old=2364589%40onwebchat

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Yusuke Fukuda
Verified
No
WPVDB ID
cafba321-bb48-44dd-9497-074707398f61

Timeline

Publicly Published
2020-10-14 (about 5 years ago)
Added
2020-10-14 (about 5 years ago)
Last Updated
2020-10-15 (about 5 years ago)

Other

Published
Title
Published
2024-11-01
Title
SH Slideshow <= 4.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-12-04
Title
Bread & Butter < 8.0.1398 - Arbitrary File Upload via CSRF
Published
2023-04-13
Title
Enable Accessibility <= 1.4 - CSRF
Published
2023-02-14
Title
Conditional Payments for WooCommerce < 2.3.2 - Plugin RuleSets Activation/Deactivation via CSRF
Published
2024-04-11
Title
Wow Skype Buttons < 4.0.4 - Button Deletion via CSRF