A critical vulnerability has been discovered in a popular WordPress Live Chat plugin. The plugin is being used by over 50,000 businesses to provide customer support and chat with visitors through their websites. The flaw originates because of an improper validation check for authentication that apparently could allow unauthenticated users to access restricted REST API endpoints. The issue affects all WordPress websites, and also their customers, who are still using WP Live Chat Support version 8.0.32 or earlier to offer live support. The maintainers of the plugin released an updated and patched version of their plugin just last week.
Source: https://thehackernews.com/2019/06/wordpress-live-chat-plugin.html