CVE-2023-1651

The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF checks in the AJAX action responsible for updating the OpenAI settings, allowing any authenticated user, such as a subscriber, to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to Stored XSS.
Configurations

Configuration 1

cpe:2.3:a:quantumcloud:ai_chatbot:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:39

Type | Values Removed | Values Added
References | () https://wpscan.com/vulnerability/c88b22ba-4fc2-49ad-a457-224157521bad - Exploit | () https://wpscan.com/vulnerability/c88b22ba-4fc2-49ad-a457-224157521bad - Exploit

07 Nov 2023, 04:04

Type Values Removed Values Added
CWE CWE-79
CWE-352

Information

Published : 2023-05-08 14:15

Updated : 2024-11-21 07:39


NVD link : CVE-2023-1651

Mitre link : CVE-2023-1651

CVE.ORG link : CVE-2023-1651


Products Affected

quantumcloud

  • ai_chatbot
CWE

No CWE.