VYPR

Live Chat Pro (All in One Messaging)

by FriendsOfPresta

CVEs (1)

  • CVE-2024-36679CriJun 19, 2024
    risk 0.65cvss 10.0epss 0.01

    In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method `Lcp::saveTranslations()` suffer of a white writer that can inject PHP code into a PHP file.