PT-2019-12827 · WordPress · Wp Live Chat Support
Published: 2019-06-11 · Updated: 2021-08-12 · CVE-2019-12498
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
WP Live Chat Support plugin versions prior to 8.0.33
Description
The issue allows unauthorized remote attackers to steal chat logs and manipulate sessions due to certain REST API calls being accepted without invoking the wplc_api_permission_check protection mechanism. Over 50,000 businesses are potentially affected.
Recommendations
For versions prior to 8.0.33, update to version 8.0.33 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST API endpoints until the update is applied.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Wp Live Chat Support