Cloud Defense Logo

Products

Solutions

Company

CVE-2018-11105 : What You Need to Know

Learn about CVE-2018-11105, a stored cross-site scripting vulnerability in the wp-live-chat-support plugin for WordPress. Find out the impact, affected systems, exploitation method, and mitigation steps.

WordPress wp-live-chat-support plugin before version 8.0.08 is vulnerable to stored cross-site scripting, allowing attackers to exploit the 'name' and 'email' input fields.

Understanding CVE-2018-11105

This CVE involves a stored cross-site scripting vulnerability in the wp-live-chat-support plugin for WordPress.

What is CVE-2018-11105?

The wp-live-chat-support plugin before version 8.0.08 for WordPress contains a stored cross-site scripting vulnerability. This flaw can be abused by a malicious actor initiating a new chat with an administrator using specific input fields.

The Impact of CVE-2018-11105

The vulnerability allows attackers to execute malicious scripts in the context of an administrator, potentially leading to unauthorized actions or data theft.

Technical Details of CVE-2018-11105

This section provides more technical insights into the vulnerability.

Vulnerability Description

The wp-live-chat-support plugin before version 8.0.08 for WordPress is susceptible to stored cross-site scripting via the 'name' and 'email' input fields in specific endpoints.

Affected Systems and Versions

        Affected Version: wp-live-chat-support plugin before 8.0.08
        Systems: WordPress installations using the vulnerable plugin

Exploitation Mechanism

Attackers can exploit this vulnerability by initiating a chat with an administrator using the 'name' and 'email' input fields, allowing the injection of malicious scripts.

Mitigation and Prevention

Protecting systems from CVE-2018-11105 requires immediate actions and long-term security practices.

Immediate Steps to Take

        Update the wp-live-chat-support plugin to version 8.0.08 or newer.
        Monitor and restrict access to the wp-json/wp_live_chat_support/v1/start_chat endpoint.

Long-Term Security Practices

        Regularly update all plugins and themes in WordPress installations.
        Implement input validation and output encoding to prevent cross-site scripting attacks.

Patching and Updates

Ensure timely installation of security patches and updates for WordPress plugins and core to mitigate the risk of such vulnerabilities.

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities?
Find Out Now