111 matches found
Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Navigate to "WPBot Lite -...
WordPress plugin AI ChatBot 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2023-2742
The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2023-2811
The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot...
WordPress ChatBot Plugin < 4.5.6 is vulnerable to Cross Site Scripting (XSS)
Software ChatBot Type Plugin Vulnerable versions 4.5.6 Fixed in 4.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2811 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID eb7005b63455 Credits NGO VAN TU Required privilege...
PT-2023-21568 · WordPress · Ai Chatbot
Name of the Vulnerable Software and Affected Versions: AI ChatBot WordPress plugin versions prior to 4.5.6 Description: The issue concerns the AI ChatBot WordPress plugin, which does not properly sanitise and escape numerous settings. This could allow high-privilege users, such as administrators,...
WordPress Plugin AI ChatBot 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
CVE-2023-1649
The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-1649 ChatBot < 4.5.1 - Admin+ Stored XSS
The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-1650 ChatBot < 4.4.7 - Unauthenticated PHP Object Injection
The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog...
CVE-2023-1011 ChatBot < 4.4.5 - Stored XSS via CSRF
The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them...
CVE-2023-1660 ChatBot < 4.4.9 - Unauthenticated Stored XSS
The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard...
WordPress plugin AI ChatBot 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in the...
WordPress plugin AI ChatBot 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-17145 · WordPress · Ai Chatbot
Name of the Vulnerable Software and Affected Versions: AI ChatBot WordPress plugin versions prior to 4.5.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for...
WordPress ChatBot Plugin <= 4.4.8 is vulnerable to Cross Site Scripting (XSS)
Software ChatBot Type Plugin Vulnerable versions = 4.4.8 Fixed in 4.4.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1651 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 0fe1f44f2072 Credits Erwan LR Required privilege...
WordPress ChatBot Plugin <= 4.4.8 is vulnerable to Cross Site Scripting (XSS)
Software ChatBot Type Plugin Vulnerable versions = 4.4.8 Fixed in 4.4.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1660 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 427a28b8a8ff Credits Erwan LR Required privilege...
WordPress ChatBot Plugin <= 4.4.6 is vulnerable to PHP Object Injection
Software ChatBot Type Plugin Vulnerable versions = 4.4.6 Fixed in 4.4.7 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-1650 Patch priority High CVSS severity High 5.4 Developer Claim ownership PSID 84bd0e4874e7 Credits Erwan LR Required privilege Unauthenticated...
WordPress ChatBot Plugin <= 4.4.4 is vulnerable to Cross Site Scripting (XSS)
Software ChatBot Type Plugin Vulnerable versions = 4.4.4 Fixed in 4.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1011 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID b672166ed65f Credits Erwan LR Required privilege...
ChatBot < 4.4.5 - Stored XSS via CSRF
The plugin does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them. Note: v4.4.5 fixed the CSRF issue, the lack of escaping was fixed in 4.5.1 and a separate iss...