YITH-Chat is a big security risk

This topic contains 0 replies, has 1 voice, and was last updated by Penny Dreadful 10 months, 2 weeks ago.

Viewing 1 post (of 1 total)

Author

Posts
July 9, 2018 at 3:17 pm #20192

Penny Dreadful
Participant

Just got a notification from Google regarding the YITH Chat plugin:

We’ve detected the following issue(s) with your security rules:

any user can read your entire database

any user can write to your entire database

Without strong security rules, anyone who has the address of your database can read/write to it, leaving your data vulnerable to attackers stealing, modifying or deleting data as well as creating costly operations.

INSECURE RULES
YITH Live Chat Plugin
Database
yith-live-chat-plugin

I uninstalled this plugin immediately.
Author

Posts

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.