Blog | G5 Cyber Security

WordPress Chat Plugin Bug Lets Hackers Inject Text, Steal Logs

Admins of websites running the WP Live Chat Support plugin for WordPress should immediately update to version 8.0.33 or later to patch a critical authentication bypass that attackers can exploit without valid credentials. The plugin currently has an installation base of over 50,000 websites and is designed to provide a free live chat for getting in touch with website visitors and giving them live support. The exposed REST API endpoints could allow attackers to extract the full chat logs for all chat sessions logged on the website, to inject text into ongoing chat sessions, to edit messages, and to launch denial of service (DoS) attacks.

Source: https://www.bleepingcomputer.com/news/security/wordpress-chat-plugin-bug-lets-hackers-inject-text-steal-logs/
