CVE-2023-5533

The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions that were intended for higher privileged users.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:quantumcloud:ai_chatbot:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:quantumcloud:ai_chatbot:4.9.2:*:*:*:*:wordpress:*:*

History

30 Oct 2023, 11:17

Type Values Removed Values Added
CWE CWE-862
CPE cpe:2.3:a:quantumcloud:ai_chatbot:4.9.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:quantumcloud:ai_chatbot:*:*:*:*:*:wordpress:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/a9db002f-ff41-493a-87b1-5f0b4b07cfc2?source=cve - (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/a9db002f-ff41-493a-87b1-5f0b4b07cfc2?source=cve - Product, Third Party Advisory
References (MISC) https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail= - (MISC) https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail= - Patch
First Time Quantumcloud ai Chatbot
Quantumcloud

23 Oct 2023, 13:15

Type Values Removed Values Added
Summary The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9. This makes it possible for unauthenticated attackers to perform some of those actions that were intended for higher privileged users. The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions that were intended for higher privileged users.

20 Oct 2023, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-20 08:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-5533

Mitre link : CVE-2023-5533

CVE.ORG link : CVE-2023-5533


JSON object : View

Products Affected

quantumcloud

  • ai_chatbot
CWE
CWE-862

Missing Authorization