CVE-2023-1650

The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:quantumcloud:ai_chatbot:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2023-05-08 14:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-1650

Mitre link : CVE-2023-1650

CVE.ORG link : CVE-2023-1650


JSON object : View

Products Affected

quantumcloud

  • ai_chatbot
CWE
CWE-502

Deserialization of Untrusted Data