John Jefferson Li, our Chief Information Security Officer got his first CVE while doing penetration testing on our brand new website and he discovered multiple and critical bugs on our chat system that leads to becoming a CVE. The security bug was found on our chat system that also we use for customer support. Currently, the chat support system is down while fixing the security bugs.
The chat system we are using is a WordPress plugin called Support Board. In our research, 1.8k+ or probably 100k+ (including nulled version) of websites are vulnerable. We discover that some banks are using this plugin for their customer support, that’s critical. If you are using v3.3.3 below then you must update it since the security bug is really critical and might cause serious damage to your database and your website. To learn more about the security bug report please check out this blog from John.
You can find the information about the CVE submitted here.
Our cybersecurity department is currently conducting continuous research on that plugin and we might release another update this month. We are planning to continue our research to reach more plugins for WordPress and making the internet a safer place not just for us but for others too.
If you’re looking for a reliable cybersecurity team that can help you to secure your digital assets don’t hesitate to reach out to us and let’s talk. You might want to check out other services we offer aside from cybersecurity services. We are looking for more talented information security enthusiasts to join our cybersecurity department. Looking forward to more security news and updates.