Critical XSS Vulnerability Found in Live Chat for Messenger Plugin
A critical vulnerability in Zotabox’s Live Chat for Facebook Messenger plugin was recently found. The plugin has over 30,000 active installations and allows for the integration of a messenger chat interface on a WordPress website.
The vulnerability lets any user access a function called update_zb_fbc_code through WordPress’s built-in AJAX functionality. As a result, the functions and settings of the plugin can be modified by anyone, regardless of whether they have WordPress access.
Is your website affected?
Shortly after the vulnerability was discovered, version 1.4.9 was released as a patch. It prevents the vulnerability from being exploited.
To check which version you have installed, navigate to /wp-admin/plugins.php. Find the plugin in the list of your website’s plugins and look for its version number. Any version below 1.4.9 is vulnerable and should be updated as soon as possible.
Click here to download the newest, most secure version of the plugin as a .zip file.
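If you manage many sites, the same version check can be run against the plugins directory on disk instead of opening each dashboard. The script below is an added example, not code from the plugin or from the original article. Only the 1.4.9 threshold comes from the text above; the "messenger" name hint and the sample directory layout are assumptions.

```python
import re
import tempfile
from pathlib import Path

FIXED_VERSION = "1.4.9"          # first patched release, per the article
NAME_HINT = "messenger"          # assumption: substring of the plugin's "Plugin Name" header

# WordPress reads plugin metadata from a comment header in the first 8 KB of a PHP file.
HEADER_RE = r"^[ \t/*#@]*{field}:(.*)$"


def read_header(php_file, field):
    """Return the value of a plugin header field, or None if absent."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace").replace("\r", "\n")
    m = re.search(HEADER_RE.format(field=re.escape(field)), head, re.I | re.M)
    return m.group(1).strip() if m else None


def version_key(version):
    """Numeric sort key, so that 1.4.10 compares above 1.4.9."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def find_outdated(plugins_dir, name_hint=NAME_HINT, fixed=FIXED_VERSION):
    """List (plugin name, version, path) for matching plugins older than `fixed`."""
    hits = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        name = read_header(php_file, "Plugin Name")
        version = read_header(php_file, "Version")
        if not name or not version or name_hint.lower() not in name.lower():
            continue
        if version_key(version) < version_key(fixed):
            hits.append((name, version, str(php_file)))
    return hits


def demo():
    """Run the check on a constructed plugins directory (sample data, not real plugin files)."""
    root = Path(tempfile.mkdtemp())
    samples = {"chat-old": "1.4.8", "chat-new": "1.4.10"}  # constructed folder names and versions
    for folder, ver in samples.items():
        (root / folder).mkdir()
        (root / folder / "main.php").write_text(
            f"<?php\n/*\n * Plugin Name: Live Chat for Messenger (sample)\n * Version: {ver}\n */\n")
    return [(name, ver) for name, ver, _ in find_outdated(root)]


if __name__ == "__main__":
    print(demo())
```

Point find_outdated at a site's wp-content/plugins directory to audit a real install; versions are compared numerically because a plain string comparison would rank 1.4.10 below 1.4.9.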
Why is it important to update plugins?
WordPress is the most popular content management system on the web and powers around 33% of websites. Due to how popular WordPress is, hackers are always trying to find new ways to compromise its security.
One of the most common ways for hackers to attack WordPress sites is through plugins. Since plugins execute functions which affect how a WordPress site runs, they can often be compromised, resulting in a breach of security.
Updating plugins ensures that all known vulnerabilities are patched. This keeps your site more secure and protects it against attacks.
Protect your WordPress website against hacks and malware
To prevent attacks on your WordPress website, an effective security strategy is often necessary. This typically includes a secure host, powerful anti-malware scanning, and great support and customer service.
This is where we can help you. With our help, you can protect your website against all sorts of hacks, malware and vulnerabilities. Talk to us today to see how we can help you protect your WordPress website.
Alternatively, we can quickly fix and recover a hacked WordPress website.
