WhatsApp Desktop was using an earlier Google’s Chrome web engine release (Chrome Ver. 69) with known flaws which made slip the rogue code relatively easy. It wasn’t hard to change texts, check for sensitive documents.
Facebook built WhatsApp on an Electron framework that makes it easier to deliver web-based multiplatform apps. Electron isn’t secure if an app is based on an outdated web engine.
When you update your desktop version and also update the app on your Andorid and iOS phones to the latest versions, you are probably safe. The flaws affects WhatsApp’s desktop software from version 0.3.9309 and earlier, and those who have paired the desktop app with WhatsApp for iOS versions prior to 2.20.10.
US National Vulnerability Data (NVD): “A vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.”
The solution: to update or, more simply, uninstall the app and reinstall it on the phone.