Porthos
Well-Known Member
- Reaction score
- 14,065
- Location
- San Antonio Tx
Hackers are currently attacking WordPress websites with outdated versions of the WP Live Chat Support plugin to redirect visitors to malicious locations or expose them to unwanted popups and fake subscriptions.
Earlier this month BleepingComputer reported that plugin versions before 8.0.7 are affected by a stored cross-site scripting (XSS) vulnerability that can be leveraged without authentication. This allows injecting malicious JavaScript on multiple pages of an affected website.
WP Live Chat Support has over 50,000 active installations at the time of writing and is intended as a free chat for engaging customers and increasing conversion rates.
https://www.bleepingcomputer.com/ne...law-used-for-malicious-redirects-and-pop-ups/
Earlier this month BleepingComputer reported that plugin versions before 8.0.7 are affected by a stored cross-site scripting (XSS) vulnerability that can be leveraged without authentication. This allows injecting malicious JavaScript on multiple pages of an affected website.
WP Live Chat Support has over 50,000 active installations at the time of writing and is intended as a free chat for engaging customers and increasing conversion rates.
https://www.bleepingcomputer.com/ne...law-used-for-malicious-redirects-and-pop-ups/
