CVE-2024-36679

Name of the Vulnerable Software and Affected Versions Module Live Chat Pro (All in One Messaging) versions prior to 8.4.0

Description The issue allows a guest to perform PHP code injection due to a predictable token. The method Lcp::saveTranslations() is vulnerable, enabling the injection of PHP code into a PHP file.

Recommendations For Module Live Chat Pro (All in One Messaging) versions prior to 8.4.0, update to version 8.4.0 or later to resolve the issue. As a temporary workaround, consider disabling the Lcp::saveTranslations() function until a patch is available. Restrict access to the module to minimize the risk of exploitation.