CVE-2026-8681

Name of the Vulnerable Software and Affected Versions Essential Chat Support versions prior to 1.0.2

Description The Essential Chat Support plugin for WordPress contains an authorization bypass. The plugin fails to properly verify if a user is authorized to perform specific actions, allowing unauthenticated attackers to reset all plugin configuration settings to their defaults. This includes general settings, display rules, custom CSS, and WooCommerce tab settings. The issue is triggered by sending a POST request containing the parameter ecs reset settings=1.

Recommendations Update the plugin to a version later than 1.0.1.