During a routine research audits for our Sucuri Firewall, we discovered an Unauthenticated Persistent Cross-Site Scripting (XSS) affecting 60,000+ users of the  WP Live Chat Support  WordPress plugin.

Current State of the Vulnerability

Though this security bug has been fixed in the 8.0.27 release, it can be exploited by an attacker without any account in the vulnerable site.

We are not aware of any exploit attempts currently using this vulnerability.

Continue reading Persistent Cross-site Scripting in WP Live Chat Support Plugin at Sucuri Blog.

Via Sucuri.net