WordPress AI Engine: ChatGPT Chatbot Plugin < 2.4.8 is vulnerable to SQL Injection

Software AI Engine: ChatGPT Chatbot Type Plugin Vulnerable versions 2.4.8 Fixed in 2.4.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6723 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 034c594538bf Credits Karolis Narvilas Required privilege...

PT-2024-37823 · WordPress · Ai Engine

Name of the Vulnerable Software and Affected Versions: The AI Engine WordPress plugin versions prior to 2.4.8 Description: The issue is related to a SQL injection that occurs due to improper sanitization and escaping of a parameter in a SQL statement. This can be exploited by admin users when...

CVE-2024-6846

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs...

WordPress plugin Chatbot with ChatGPT 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A security vulnerability...

WordPress Chatbot Support AI plugin <= 1.0.2 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Kieran Burge in WordPress Plugin Chatbot Support AI versions = 1.0.2...

CVE-2024-6722

The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

CVE-2024-6722

The CVE-2024-6722 entry concerns the WordPress plugin Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot (versions

CVE-2024-6722 Chatbot Support AI <= 1.0.2 - Admin+ Stored XSS

The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

CVE-2024-6722 Chatbot Support AI <= 1.0.2 - Admin+ Stored XSS

The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

WordPress plugin Chatbot Support AI 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

WordPress Chatbot Support AI Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Chatbot Support AI Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6722 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a3c87b3b7064 Credits Kieran Burge Required...

PT-2024-37900 · WordPress · Chatbot With Chatgpt Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Chatbot with ChatGPT WordPress plugin versions prior to 2.4.5 Description: The issue concerns improper access controls in the REST Route Handler of the Chatbot with ChatGPT WordPress plugin. This allows an unauthenticated user to purge error...

Malicious code in subspace-chatbot-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 31bfcf245439a664e6089e8a70261797608614e43d5f4c36abd2cf737a4881d9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8089 Malicious code in subspace-chatbot-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 31bfcf245439a664e6089e8a70261797608614e43d5f4c36abd2cf737a4881d9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-6847

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users when submitting messages to the chatbot...

WordPress plugin Chatbot with ChatGPT 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A security vulnerability...

CVE-2024-6843 SmartSearch WP <= 2.4.4 - Unauthenticated Stored XSS

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not sanitise and escape user inputs, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins...

CVE-2024-6843

CVE-2024-6843 affects the WordPress Chatbot with ChatGPT plugin prior to version 2.4.5. The issue is stored XSS caused by insufficient sanitization/escaping of user inputs, enabling unauthenticated users to inject scripts that can affect admins. Red Hat’s entry reiterates the same description. Im...

PT-2024-37901 · WordPress · Chatbot With Chatgpt

Name of the Vulnerable Software and Affected Versions: The Chatbot with ChatGPT WordPress plugin versions prior to 2.4.5 Description: The issue is related to a SQL injection vulnerability. It occurs because the plugin does not properly sanitise and escape a parameter before using it in a SQL...

WordPress AI Engine: ChatGPT Chatbot Plugin < 2.5.1 is vulnerable to Remote Code Execution (RCE)

Software AI Engine: ChatGPT Chatbot Type Plugin Vulnerable versions 2.5.1 Fixed in 2.5.1 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2024-6451 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 16f5f51a51d0 Credits Karolis Narvilas Required...