CVE-2023-24415 WordPress AI ChatBot plugin <= 4.2.8 is vulnerable to Cross Site Request Forgery (CSRF)

🗓️ 23 Feb 2023 15:03:24Reported by PatchstackType

WordPress AI ChatBot plugin vulnerability to CSR

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2023-24415	23 Feb 202318:18	–	circl
CNNVD	WordPress Plugin ChatBot 跨站请求伪造漏洞	23 Feb 202300:00	–	cnnvd
CVE	CVE-2023-24415	23 Feb 202315:03	–	cve
EUVD	EUVD-2023-28471	3 Oct 202520:07	–	euvd
NVD	CVE-2023-24415	23 Feb 202316:15	–	nvd
Patchstack	WordPress ChatBot Plugin <= 4.2.8 is vulnerable to Cross Site Request Forgery (CSRF)	27 Jan 202300:00	–	patchstack
Prion	Cross site request forgery (csrf)	23 Feb 202316:15	–	prion
Positive Technologies	PT-2023-19576 · Unknown · Quantumcloud Ai Chatbot Plugin	23 Feb 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-24415	23 May 202504:55	–	redhatcve
WPVulnDB	ChatBot < 4.3.0 - Settings Reset via CSRF	23 Feb 202300:00	–	wpvulndb

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "chatbot",
    "product": "AI ChatBot",
    "vendor": "QuantumCloud",
    "versions": [
      {
        "changes": [
          {
            "at": "4.2.9",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "4.2.8",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/vulnerability/chatbot/wordpress-chatbot-plugin-4-2-8-cross-site-request-forgery-csrf

28 Apr 2026 16:08Current

9High risk

Vulners AI Score9

CVSS 3.15.4

EPSS0.00264

CWE-352