CVE-2019-12498
CRITICAL3cx Live Chat < 8.0.33 - Missing Authorization via REST API
Title source: llmDescription
The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism.
References (3)
Core 3
Core References
Product x_refsource_misc
https://wordpress.org/plugins/wp-live-chat-support/#developers
Patch x_refsource_confirm
https://plugins.trac.wordpress.org/changeset/2098577/wp-live-chat-support/trunk
Product x_refsource_confirm
https://plugins.trac.wordpress.org/log/wp-live-chat-support/
Scores
CVSS v3
9.8
EPSS
0.0199
EPSS Percentile
78.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-862
Status
published
Products (1)
3cx/live_chat
< 8.0.33
Published
Mar 20, 2020
Tracked Since
Feb 18, 2026