WordPress Plugin Vulnerabilities

WP Live Chat Support Pro < 8.0.0.7 - Unauthenticated RCE

Description

The wp-live-chat-support-pro WordPress plugin was affected by an Unauthenticated RCE security vulnerability.

Affects Plugins

Plugin icon
wp-live-chat-support-pro
Fixed in 8.0.0.7

References

CVE
CVE-2018-12426
URL
https://github.com/RiieCco/write-ups/tree/master/CVE-2018-12426

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94
CVSS
9.8 (critical)

Miscellaneous

Verified
No
WPVDB ID
2f21abd4-ddce-41bf-9b72-66a8b599437e

Timeline

Publicly Published
2019-03-11 (about 5 years ago)
Added
2019-08-23 (about 4 years ago)
Last Updated
2020-09-22 (about 3 years ago)

Other

Published
Title
Published
2014-09-22
Title
Flash Uploader <= 3.1.2 - Arbitrary Comm& Execution
Published
2022-02-08
Title
PHP Everywhere < 3.0.0 - Contributor+ RCE via Gutenberg Block
Published
2022-10-14
Title
WP All Import < 3.6.9 - Admin+ Arbitrary File Upload to RCE
Published
2014-08-01
Title
Hungred Post Thumbnail - hpt_file_upload.php File Upload PHP Code Execution
Published
2014-08-01
Title
Zingiri Web Shop <= 2.2.3 - ajax_file_cut.php selectedDoc Parameter Remote PHP Code