The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard
References
Configurations
History
21 Nov 2024, 07:39
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/1a5cbcfc-fa55-433a-a76b-3881b6c4bea2 - Exploit |
07 Nov 2023, 04:04
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-352 |
Information
Published : 2023-05-08 14:15
Updated : 2024-11-21 07:39
NVD link : CVE-2023-1660
Mitre link : CVE-2023-1660
CVE.ORG link : CVE-2023-1660
JSON object : View
Products Affected
quantumcloud
- ai_chatbot
CWE
No CWE.