Report
The RumbleTalk Live Group Chat plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handleRequest AJAX function in versions up to, and including, 6.1.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve or update tokens, create, update, refresh, and delete chats, and create accounts.
Score:5.4
Severity:Medium
Version: 6.2.5
There is a patch available in v6.2.6 and we strongly recommend you update to this version as soon as possible.
