Vulnerability Details: SQL Injection in Author Chat
One of the changelog entries for the latest version of Author Chat is “Security fix”. In looking into what was done, we found that the plugin still seems to be rather insecure and probably shouldn’t be used without its security being thoroughly reviewed and improved. It also appears to have other issues; for example, we found that one of its database tables is only created if you activate the plugin for a second time.
...
This post provides insights on a vulnerability in a WordPress plugin not discovered by us, where the discoverer hadn't provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so the rest of its contents are limited to subscribers of our service.