A high severity bug found in Facebook’s official chat plugin for WordPress websites could allow attackers to intercept messages sent by visitors to the vulnerable sites’ owner. The Facebook Chat plugin allows WordPress website owners to embed a chat pop-up to communicate with visitors in real-time through Facebook’s messaging platform for Facebook Pages. Wordfence also found a critical bug in Google’s official plugin with 300,000 installations that could let attackers gain owner access to targeted sites’ Google Search Console and facilitate black hat SEO campaigns.
Source: https://www.bleepingcomputer.com/news/security/facebook-plugin-bug-lets-hackers-hijack-wordpress-sites-chat/