Unauthenticated Remote Code Execution in WP Live Chat Support Pro Plugin

Unauthenticated Remote Code Execution in WP Live Chat Support Pro Plugin

CVE-2018-12426 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type.

Learn more about our Wordpress Pen Testing.