Researchers discovered a stored/persistent cross-site scripting (XSS) vulnerability in the WP Live Chat Support plugin for WordPress. The flaw could be exploited by remote, unauthenticated attackers to inject malicious scripts in websites running WordPress CMS and using the plugin. The issue could be used by a remote attacker that does not have an account on the affected website. The plugin currently has over 60,000 installs, it implements a chat solution for customer engagement and conversion. An XSS is persistent when the malicious code is added to a section that is stored on the server.”]
Source: https://securityaffairs.co/wordpress/85683/hacking/wp-live-chat-plugin-bug.html