The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/d1784446-b3da-4175-9dac-20b030f19984 | Exploit Third Party Advisory |
Configurations
History
07 Nov 2023, 04:02
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-352 |
Information
Published : 2023-05-08 14:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-1011
Mitre link : CVE-2023-1011
CVE.ORG link : CVE-2023-1011
JSON object : View
Products Affected
quantumcloud
- ai_chatbot
CWE
No CWE.