CVE-2020-36838

Name of the Vulnerable Software and Affected Versions Facebook Chat Plugin for WordPress versions up to and including 1.5

Description The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp ajax update options function. This flaw makes it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites.

Recommendations For versions up to and including 1.5, update to a version that includes a fix for this issue. As a temporary workaround, consider disabling the wp ajax update options function until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation. Avoid using the vulnerable plugin until the issue is resolved.