XSS Flaw Found in WP Live Chat Support Plugin
For the second time in less than two months, researchers discovered a serious vulnerability in the WordPress WP Live Chat Support plugin, which allows users to install a live chat function onto their site. The cross-site scripting (XSS) flaw could permit a remote threat actor to inject code into vulnerable websites without authenticating, making it possible to automate attacks. The NJCCIC recommends site administrators update their plugin to version 8.0.29 as soon as possible. For more information on the vulnerability, review the Sucuri blog post.