Lucene search
CVE-2023-1650
The AI ChatBot WordPress plugin before 4.4.7 allows PHP Object Injection via unauthenticated user input
Show more
| Reporter | Title | Published | Views | Family All 7 |
|---|---|---|---|---|
 | WordPress ChatBot Plugin <= 4.4.6 is vulnerable to PHP Object Injection | 20 Apr 202300:00 | – | patchstack |
 | ChatBot < 4.4.7 - Unauthenticated PHP Object Injection | 12 Apr 202300:00 | – | wpvulndb |
 | Design/Logic Flaw | 8 May 202314:15 | – | prion |
 | CVE-2023-1650 ChatBot < 4.4.7 - Unauthenticated PHP Object Injection | 8 May 202313:58 | – | vulnrichment |
 | CVE-2023-1650 | 8 May 202314:15 | – | nvd |
 | CVE-2023-1650 ChatBot < 4.4.7 - Unauthenticated PHP Object Injection | 8 May 202313:58 | – | cvelist |
 | ChatBot < 4.4.7 - Unauthenticated PHP Object Injection | 12 Apr 202300:00 | – | wpexploit |
Node
[
{
"vendor": "Unknown",
"product": "AI ChatBot",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "4.4.7"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| action | query param | /wp-admin/admin-ajax.php | The AJAX endpoint that unserializes user input from cookies and is vulnerable to PHP Object Injection. | CWE-502 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo08 May 2023 14:15Current
9.8High risk
Vulners AI Score9.8
CVSS39.8
EPSS0.50174
SSVC