If you go to your Users list, check for an unauthorized user who goes by a name of something like wordpress_maintenance and who registered with your IP address and username, thereby flying under the radar
That new user has Administrator privileges and a Yandex domain
If you deactivate WP Chat Live and then remove the user you are fine. If you reactivate the plugin the user will re-appear.
I deleted the app rather than searching for the injected code and will await an effective patch
@theacsman I face same Problem but Now it ok. May be fixed
A unknown Admin Login in my admin dashboard which email is wp-update@yandex.com
And when I visit my website I found unexpected link masking / Malware
After that I was Install Wordfence Plugin but WP Live Chat not Install cos it very helpful for my business.
Thanks Wp Live Chat
Hi there,
We’re working hard towards hardening our plugin security. Existing users can update to the 8.0.29 version which contains a fix against this vulnerability.
we’re also working on releasing a user workaround for those who were affected. We’re hoping to have something new in the next few days.
As soon as I upgraded to 8.0.30, I got that user register on site. I use manual approval, but the guy approved himself and gave himself administrator privileges. I deleted plugin because there is serious flaw going on…
-
This reply was modified 4 years, 11 months ago by
dadaas.
Hi all,
Our apologies for the trouble experienced. We have been working closely with the review team to ensure these issues are resolved in the latest release of the plugin.
The latest version of WP Live Chat Support includes a complete security update which prevents further attacks and attempts to remove any code injected by earlier attackers as well.
We do realize this has affected a number of users and we do apologize for the inconvenience and frustration this has caused.
