High severity7.4NVD Advisory· Published Oct 16, 2024· Updated Apr 15, 2026
CVE-2020-36838
CVE-2020-36838
Description
The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. This flaw makes it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites.
Affected products
2<=1.5+ 1 more
- (no CPE)range: <=1.5
- (no CPE)range: <=1.5
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.