First published: Fri Mar 20 2020(Updated: )
The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
3cx Live Chat | <8.0.33 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this security issue is CVE-2019-12498.
CVE-2019-12498 has a severity rating of 9.8 (Critical).
The WP Live Chat Support plugin version up to 8.0.32 for WordPress is affected by CVE-2019-12498.
The WP Live Chat Support plugin before 8.0.33 does not invoke the wplc_api_permission_check protection mechanism.
To fix the vulnerability, update the WP Live Chat Support plugin to version 8.0.33 or higher.