CVE-2022-2039: 
WordPress vulnerability analysis and mitigation

The Free Live Chat Support WordPress plugin versions up to 1.0.11 contained a Cross-Site Request Forgery (CSRF) vulnerability identified as CVE-2022-2039. The vulnerability was discovered in June 2022 and was due to missing nonce protection on the livesupporti_settings() function found in the livesupporti.php file (NVD). The vulnerability received a CVSS score of 8.8 (High) (Wordfence).

The vulnerability existed due to the absence of nonce protection in the livesupporti_settings() function within the ~/livesupporti.php file. This security control omission made it possible for attackers to perform unauthorized actions through CSRF attacks. The issue was addressed in version 1.0.12 by implementing proper nonce verification checks (WordPress Plugin Repository).

The vulnerability could allow attackers to perform unauthorized actions in the context of authenticated administrators who have access to the plugin settings. This could potentially lead to unauthorized changes to the chat support configuration and settings (Wordfence).

The vulnerability was patched in version 1.0.12 of the Free Live Chat Support plugin. Site administrators should update to this version or later to protect against this vulnerability. The fix implemented proper nonce verification for the settings function (WordPress Plugin Repository).