CyberSec.Space Logo
Back to CVE Browser

CVE-2018-12426

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1330%
EPSS Percentile42.12th
PublishedJul 2, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type.

Affected Platforms (CPE)

πŸ“¦
3cx

Live Chat

< 8.0.07

References & Advisories

πŸ”— https://github.com/CodeCabin/wp-live-chat-support/blob/master/readme.txt
πŸ”— https://github.com/RiieCco/write-ups/tree/master/CVE-2018-12426
πŸ”— https://wpvulndb.com/vulnerabilities/9697
πŸ”— https://github.com/CodeCabin/wp-live-chat-support/blob/master/readme.txt
πŸ”— https://github.com/RiieCco/write-ups/tree/master/CVE-2018-12426
πŸ”— https://wpvulndb.com/vulnerabilities/9697

Related Vulnerabilities

CVE-2019-186629.8

An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveCh...

CVE-2019-124989.8

The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permissio...

CVE-2019-111859.8

The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results fro...

CVE-2020-97589.6

An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name param...