MEDIUM
essentialplugin
CVE published 2026-05-16
CVE-2026-8681
The Essential Chat Support plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.1. The plugin fails to properly verify that a user is authorized to perform actions, allowing unauthenticated attackers to reset all plugin configuration settings—including general settings, display rules, custom CSS, and WooCommerce tab settings—to their defaults by sending a PO [truncated]