YITH-Chat is a big security risk

This topic has 0 replies, 1 voice, and was last updated 6 years, 11 months ago by Penny Dreadful.

Viewing 1 post (of 1 total)

Author

Posts
July 9, 2018 at 3:17 pm #20192

Penny Dreadful
Participant

Just got a notification from Google regarding the YITH Chat plugin:

We’ve detected the following issue(s) with your security rules:

any user can read your entire database

any user can write to your entire database

Without strong security rules, anyone who has the address of your database can read/write to it, leaving your data vulnerable to attackers stealing, modifying or deleting data as well as creating costly operations.

INSECURE RULES
YITH Live Chat Plugin
Database
yith-live-chat-plugin

I uninstalled this plugin immediately.
Author

Posts

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

Most of the WordPress Plugins & Themes in the GPLDL repository are available for free download - yes, free! - that is even better than buying at a discount, rebate, promotion or with a coupon code.

After signing up for a free membership, you will instantly get a download link to GPLDL's WordPress plugins and themes including future updates.

Where is the catch? There is none. We re-distribute 100% exact copies of GPL-licensedWordPress items, completely unmodified - that means *not* nulled, cracked or otherwise modified code without any serial numbers, API keys or support.

How can you help? If you like our service, please spread the word. If you can afford to financially support us, please make a donation. All donations will be used for (recurring) subscriptions of WordPress plugins & themes and to grow the catalog!