111 matches found
PT-2024-37899
Name of the Vulnerable Software and Affected Versions The Chatbot with ChatGPT WordPress plugin versions prior to 2.4.6 Description The issue is related to a lack of proper authorization in one of the plugin's REST endpoints, allowing unauthenticated users to retrieve an encoded key, which can th...
WordPress plugin Chatbot with ChatGPT security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin ... A security vulnerability...
WordPress Chatbot Support AI plugin <= 1.0.2 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Kieran Burge in WordPress Plugin Chatbot Support AI versions <= 1.0.2...
CVE-2024-6847
The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users when submitting messages to the chatbot...
CVE-2024-6843
CVE-2024-6843 affects the WordPress Chatbot with ChatGPT plugin prior to version 2.4.5. The issue is stored XSS caused by insufficient sanitization/escaping of user inputs, enabling unauthenticated users to inject scripts that can affect admins. Red Hat’s entry reiterates the same description. Im...
WordPress plugin AI Engine: ChatGPT Chatbot code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin AI Engine: ChatGPT A code...
WordPress ChatBot Plugin <= 5.5.7 is vulnerable to Cross Site Scripting (XSS)
Software ChatBot Type Plugin Vulnerable versions <= 5.5.7 Fixed in 5.5.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6669 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f3c4f285392a Credits Artem Polynko Artem Polynko...
WordPress Cliengo - Chatbot plugin <= 3.0.2 - Missing Authorization to Authorized (Subscriber+) Chatbot Settings Update vulnerability
WordPress Cliengo - Chatbot plugin <= 3.0.2 - Missing Authorization to Authorized (Subscriber+) Chatbot Settings Update vulnerability discovered by Lucio Sá in WordPress Plugin Cliengo – Chatbot versions <= 3.0.2...
WordPress Cliengo – Chatbot Plugin <=3.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Cliengo – Chatbot Type Plugin Vulnerable versions <=3.0.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37923 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 8fb75aa7c641 Credits Majed Refaea Require...
CVE-2024-0453
The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openaifiledeletecallback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above...
WordPress AI ChatBot plugin <= 5.3.4 - Missing Authorization via multiple functions vulnerability
Missing Authorization via multiple functions vulnerability discovered by Francesco Carlucci in WordPress Plugin ChatBot versions <= 5.3.4...
WordPress plugin AI ChatBot security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-15572 · WordPress · Ai Chatbot
Name of the Vulnerable Software and Affected Versions: AI ChatBot plugin for WordPress versions up to, and including, 5.3.4 Description: The issue allows authenticated attackers with subscriber-level access and above to delete files from a linked OpenAI account due to a missing capability check o...
WordPress Conversational Forms for ChatBot Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)
Software Conversational Forms for ChatBot Type Plugin Vulnerable versions <= 1.2.0 Fixed in 1.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34380 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 04a3b48cf9af Credits Jean Tirstan T Requir...
WordPress ChatBot Conversational Forms plugin <= 1.1.8 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin Conversational Forms for ChatBot versions <= 1.1.8...
CVE-2024-22309 WordPress ChatBot Plugin <= 5.1.0 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI. This issue affects ChatBot with AI: from n/a through 5.1.0...
CVE-2023-5691
The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...
WordPress ChatBot Plugin <= 4.7.8 is vulnerable to SQL Injection
Software ChatBot Type Plugin Vulnerable versions <= 4.7.8 Fixed in 4.7.9 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-48741 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 1bfb272c13b3 Credits Mika Required privilege Administrator Published 23...
WordPress Plugin ChatBot Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2023-5533
The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions tha...