Site admins using WP Live Chat Support for WordPress are advised to update the plugin to the latest version to close a persistent cross-site scripting (XSS) vulnerability. The plugin is installed on over 60,000 websites and is advertised as a free alternative to a fully functional chat solution for customer engagement and conversion. Researchers at Sucuri discovered that versions of the plugin previous to 8.0.27 are vulnerable to stored/persistent XSS, which can be exploited remotely by an attacker that does not have an account on the affected website.
Source: https://www.bleepingcomputer.com/news/security/bug-in-wordpress-live-chat-plugin-lets-hackers-inject-scripts/