WordPress LiveChat plugin before < 3.7.6 lacked CSRF and authorization checks on the option update handler in the LiveChatAdmin constructor. The code ran on any POST to a wp-admin URL without Referer validation, nonce check, or capability verification. This allowed unauthenticated attackers to update plugin settings.
登录后查看神龙缓存的 POC 文件快照
登录查看