A cross-site scripting flaw in a popular WordPress plugin enables an unauthenticated attacker to insert JavaScript payloads into impacted websites.

For the second time this month a patch has been issued for the WordPress add-on called WP Live Chat Support Plugin. This time around it’s a cross-site scripting (XSS) vulnerability.

The WP Live Chat Support is a popular WordPress plugin that allows users to install a pop-up “chat” plugin to their websites for customer service functions. The plugin has more than 60,000 users. On May 6, a WordPress file-upload bug was also patched in the plugin.

Källa: WordPress WP Live Chat Support Plugin Issues Second Patch in Month