CVE-2026-8681 – Essential Chat Support

CVE ID :CVE-2026-8681

Published : May 16, 2026, 3:16 a.m. | 1 hour, 42 minutes ago

Description :The Essential Chat Support plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to reset all plugin configuration settings — including general settings, display rules, custom CSS, and WooCommerce tab settings — to their defaults by sending a POST request with ecs_reset_settings=1.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-8704 – Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified

CVE-2026-8700 – Crypt::DSA versions before 1.20 for Perl generate seeds using rand

CVE-2026-45667 – Open WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS)

CVE-2026-45666 – Open WebUI: Indirect Object Reference (IDOR) in user notes