Support » Plugin: WP Live Chat Support » Seems Like Malware Getting Injected

  • Sachin

    (@sachinbille)


    Lately, our sites that were using this plugin suddenly starts redirecting to some spammy URLs like “checkaccuefriends dot info”. After deactivating the plugin and removing it altogether resolved the issue. Do not use this plugin unless and until the developer resolves the issue. Otherwise, it was serving its purpose.

Viewing 5 replies - 1 through 5 (of 5 total)
  • theacsman

    (@theacsman)

    If you go to your Users list, check for an unauthorized user who goes by a name of something like wordpress_maintenance and who registered with your IP address and username, thereby flying under the radar

    That new user has Administrator privileges and a Yandex domain

    If you deactivate WP Chat Live and then remove the user you are fine. If you reactivate the plugin the user will re-appear.

    I deleted the app rather than searching for the injected code and will await an effective patch

    @theacsman I face same Problem but Now it ok. May be fixed
    A unknown Admin Login in my admin dashboard which email is wp-update@yandex.com
    And when I visit my website I found unexpected link masking / Malware
    After that I was Install Wordfence Plugin but WP Live Chat not Install cos it very helpful for my business.

    Thanks Wp Live Chat

    Plugin Author WP-LiveChat

    (@wp-livechat)

    Hi there,

    We’re working hard towards hardening our plugin security. Existing users can update to the 8.0.29 version which contains a fix against this vulnerability.

    we’re also working on releasing a user workaround for those who were affected. We’re hoping to have something new in the next few days.

    As soon as I upgraded to 8.0.30, I got that user register on site. I use manual approval, but the guy approved himself and gave himself administrator privileges. I deleted plugin because there is serious flaw going on…

    • This reply was modified 1 month, 3 weeks ago by  dadaas.
    Plugin Contributor DylanAuty

    (@dylanauty)

    Hi all,

    Our apologies for the trouble experienced. We have been working closely with the review team to ensure these issues are resolved in the latest release of the plugin.

    The latest version of WP Live Chat Support includes a complete security update which prevents further attacks and attempts to remove any code injected by earlier attackers as well.

    We do realize this has affected a number of users and we do apologize for the inconvenience and frustration this has caused.

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this review.