Facebook Chat Plugin WP 1.5 Auth Bypass via wp_ajax_update_options
CVE-2020-36838 Published on October 16, 2024
Facebook Chat Plugin <= 1.5 - Missing Capabilities Check
The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. This flaw makes it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites.
Timeline
Disclosed
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2020-36838 has been classified as an Authorization vulnerability or weakness.
Products Associated with CVE-2020-36838
Affected Versions
Facebook Chat Plugin – Live Chat Plugin for WordPress: versions before 1.6 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.