The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/1a5cbcfc-fa55-433a-a76b-3881b6c4bea2 | Exploit |
Configurations
History
07 Nov 2023, 04:04
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-352 |
Information
Published : 2023-05-08 14:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-1660
Mitre link : CVE-2023-1660
CVE.ORG link : CVE-2023-1660
JSON object : View
Products Affected
quantumcloud
- ai_chatbot
CWE
No CWE.