45 matches found
Design/Logic Flaw
Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...
CVE-2023-2885 Channel Accessible by Non-Endpoint in CBOT's Chatbot
Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle AiTM. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...
CVE-2023-2883 IDOR in CBOT's Chatbot
Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows Authentication Abuse, Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...
CVE-2023-1651 ChatBot < 4.4.9 - Subscriber+ OpenAI Settings Update to Stored XSS
The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to...
PT-2023-17146 · WordPress · Ai Chatbot
Name of the Vulnerable Software and Affected Versions: AI ChatBot WordPress plugin versions prior to 4.4.7 Description: The issue allows unauthenticated users to perform PHP Object Injection via an AJAX action, potentially exploiting the presence of a suitable gadget on the blog. This is achieved...