Site admins using WP Live Chat Support for WordPress are advised to update the plugin to the latest version to close a persistent cross-site scripting (XSS) vulnerability that can be abused without authentication. […]
Click here for original story, Bug in WordPress Live Chat Plugin Lets Hackers Inject Scripts
Source: Bleeping Computer