Improper access control in The Official Facebook Chat Plugin for WordPress

CERT-LatestNews ThreatsCybercrime
Description. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality. The vulnerability exists due to improper access restrictions in the "wp_ajax_update_options" AJAX action. A remote authenticated attacker can send a request to update the....