CyberSec.Space Logo
Back to CVE Browser

CVE-2019-12498

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1170%
EPSS Percentile0.87th
PublishedMar 20, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism.

Affected Platforms (CPE)

πŸ“¦
3cx

Live Chat

< 8.0.33

References & Advisories

πŸ”— https://plugins.trac.wordpress.org/changeset/2098577/wp-live-chat-support/trunk
πŸ”— https://plugins.trac.wordpress.org/log/wp-live-chat-support/
πŸ”— https://wordpress.org/plugins/wp-live-chat-support/#developers
πŸ”— https://plugins.trac.wordpress.org/changeset/2098577/wp-live-chat-support/trunk
πŸ”— https://plugins.trac.wordpress.org/log/wp-live-chat-support/
πŸ”— https://wordpress.org/plugins/wp-live-chat-support/#developers

Related Vulnerabilities

CVE-2019-111859.8

The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results fro...

CVE-2019-186629.8

An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveCh...

CVE-2018-124269.8

The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to clie...

CVE-2020-97589.6

An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name param...