CVE-2015-2039

Name of the Vulnerable Software and Affected Versions Acobot Live Chat & Contact Form plugin version 2.0

Description The issue allows remote attackers to hijack the authentication of administrators for requests, enabling them to change plugin settings or conduct cross-site scripting (XSS) attacks. This is achieved via the acobot token parameter in the "acobot" page to "wp-admin/options-general.php".

Recommendations For Acobot Live Chat & Contact Form plugin version 2.0, consider disabling the plugin until a patch is available to prevent exploitation. Avoid using the acobot token parameter in the affected API endpoint until the issue is resolved.