Vulnerabilities and security researches foressential-chat-support essential-chat-support

May 18, 2026

CVE, Research URL: CVE-2026-8681
Home page URL: Security reports for Essential Chat Support
Application: Essential Chat Support
Date: May 16, 2026
Research Description: The Essential Chat Support plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to reset all plugin configuration settings — including general settings, display rules, custom CSS, and WooCommerce tab settings — to their defaults by sending a POST request with ecs_reset_settings=1.
Affected versions: max 1.0.1.
Status: vulnerable