Yesterday, one of my clients got his website hacked and showed Adware on it which was pretty harming to his business and his website.
The disturbing part, it was due to a very famous WordPress plugin called “WP Live Chat Support” that didn’t implement security in a responsible way. If you are using it please deactivate it immediately until it is fixed (Although it is banned by now)
If you are looking for more info about what is XSS, you can watch this video: https://www.youtube.com/watch?v=L5l9lSnNMxg
Some steps for developers:
- Disable the “WP Live Chat Support” plugin
- Go to the options table & remove “WPLC_CUSTOM_JS” field