CVE-2023-1650

The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog
Configurations

Configuration 1 (hide)

cpe:2.3:a:quantumcloud:ai_chatbot:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:39

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/7d7fe498-0aa3-4fa7-b560-610b42b2abed - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/7d7fe498-0aa3-4fa7-b560-610b42b2abed - Exploit, Third Party Advisory

Information

Published : 2023-05-08 14:15

Updated : 2024-11-21 07:39


NVD link : CVE-2023-1650

Mitre link : CVE-2023-1650

CVE.ORG link : CVE-2023-1650


JSON object : View

Products Affected

quantumcloud

  • ai_chatbot
CWE
CWE-502

Deserialization of Untrusted Data