Lucene search
PRIOn knowledge basePRION:CVE-2024-0449HistoryMar 13, 2024 - 4:15 p.m.
Cross site scripting
2024-03-1316:15:00
PRIOn knowledge base
www.prio-n.com
5
wordpress
cross-site scripting
vulnerable plugin
input sanitization
output escaping
authenticated attackers
administrator level permissions
multi-site installations
unfiltered html
The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Related
wpvulndb
wpvulndb
vulnrichment
vulnrichment
CVE-2024-0449
2024-03-13 15:26:45
nvd
nvd
CVE-2024-0449
2024-03-13 16:15:11
cvelist
cvelist
CVE-2024-0449
2024-03-13 15:26:45
cve
cve
CVE-2024-0449
2024-03-13 16:15:11
wordfence
wordfence