Persistent Cross-site Scripting in WP Live Chat Support Plugin
During a routine research audits for our Sucuri Firewall, we discovered an Unauthenticated Persistent Cross-Site Scripting (XSS) affecting 60,000+ users of the WP Live Chat Support WordPress plugin.
Current State of the Vulnerability
Though this security bug has been fixed in the 8.0.27 release, it can be exploited by an attacker without any account in the vulnerable site.
We are not aware of any exploit attempts currently using this vulnerability.