Summary: A critical vulnerability has been found in the Chaty Pro plugin for WordPress, affecting an estimated 18,000 sites and allowing attackers to take complete control of them. The flaw, identified as CVE-2025-26776, is an arbitrary file upload vulnerability caused by a lack of proper security checks. Website owners are urged to update to version 3.3.4 or later, which includes the necessary security enhancements.
Affected: Chaty Pro plugin for WordPress
Key points:
- Vulnerability allows attackers to upload malicious files and take over WordPress sites.
- Caused by insufficient authorization and security checks in the code.
- Patch released in version 3.3.4 implements secure file handling and validation.
- Website owners should update immediately to protect against potential attacks.