1134 matches found
CVE-2024-5993
CVE-2024-5993 (Cliengo – Chatbot plugin for WordPress) affects all versions up to 3.0.1. Red Hat’s entry indicates the root cause is a missing capability check in the update_session function, enabling authenticated users with Subscriber-level access and above to modify the chatbot session token. ...
CVE-2024-37923
Cross-Site Request Forgery (CSRF) vulnerability in cliengo Cliengo – Chatbot cliengo allows Cross Site Request Forgery. This issue affects Cliengo – Chatbot: from n/a through <= 3.0.4...
CVE-2024-37923
Technical details about CVE-2024-37923 (Cliengo – Chatbot CSRF) are not present in the connected documents; no affected versions, root cause, exploit information, or remediation are provided here. Monitor for updates.
CVE-2024-37923 WordPress Cliengo – Chatbot plugin <= 3.0.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in cliengo Cliengo – Chatbot cliengo allows Cross Site Request Forgery. This issue affects Cliengo – Chatbot: from n/a through <= 3.0.4...
CVE-2024-37923 WordPress Cliengo - Chatbot plugin <= 3.0.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Cliengo – Chatbot. This issue affects Cliengo – Chatbot: from n/a through 3.0.1...
WordPress Cliengo – Chatbot plugin <= 3.0.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin Cliengo – Chatbot (versions <= 3.0.4)...
WordPress Cliengo - Chatbot plugin <= 3.0.2 - Missing Authorization to Authorized (Subscriber+) Chatbot Settings Update vulnerability
WordPress Cliengo - Chatbot plugin <= 3.0.2 - Missing Authorization to Authorized (Subscriber+) Chatbot Settings Update vulnerability discovered by Lucio Sá in WordPress Plugin Cliengo – Chatbot (versions <= 3.0.2)...
WordPress Cliengo - Chatbot plugin <= 3.0.2 - Missing Authorization to Unauthenticated Chatbot Settings Update vulnerability
WordPress Cliengo - Chatbot plugin <= 3.0.2 - Missing Authorization to Unauthenticated Chatbot Settings Update vulnerability discovered by Lucio Sá in WordPress Plugin Cliengo – Chatbot (versions <= 3.0.2)...
WordPress Cliengo – Chatbot Plugin <= 3.0.1 is vulnerable to Broken Access Control
Software: Cliengo – Chatbot; Type: Plugin; Vulnerable versions: <= 3.0.1; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-5992; Patch priority: Low; CVSS severity: Low (5.3); PSID: 5df51a028217; Credits: Lucio Sá; Required privilege...
WordPress Cliengo – Chatbot Plugin <=3.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Cliengo – Chatbot; Type: Plugin; Vulnerable versions: <= 3.0.4; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-37923; Patch priority: Low; CVSS severity: Low (5.4); PSID: 8fb75aa7c641; Credits: Majed Refaea; Require...
WordPress plugin Cliengo - Chatbot security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin... A security vulnerability...
WordPress plugin Cliengo - Chatbot security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin... WordPress plugin Cliengo ...
PT-2024-37297 · WordPress · Cliengo – Chatbot
Name of the Vulnerable Software and Affected Versions: The Cliengo – Chatbot plugin for WordPress versions up to, and including, 3.0.1 Description: The issue arises from a missing capability check on the update chatbot token and update chatbot position functions, allowing unauthorized modificatio...
WordPress plugin Cliengo - Chatbot Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Cliengo -...
WordPress Cliengo – Chatbot Plugin <= 3.0.1 is vulnerable to Broken Access Control
Software: Cliengo – Chatbot; Type: Plugin; Vulnerable versions: <= 3.0.1; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-5993; Patch priority: Low; CVSS severity: Low (5.4); PSID: 950b128377a0; Credits: Lucio Sá; Required privilege...
PT-2024-27829 · Unknown · Cliengo – Chatbot
Name of the Vulnerable Software and Affected Versions: Cliengo – Chatbot versions 3.0.1 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that...
PT-2024-37298 · WordPress · Cliengo – Chatbot
Name of the Vulnerable Software and Affected Versions: The Cliengo – Chatbot plugin for WordPress versions up to, and including, 3.0.1 Description: The issue is related to a missing capability check on the update session function, allowing authenticated attackers with Subscriber-level access and...
Quora’s Chatbot Platform Poe Allows Users to Download Paywalled Articles on Demand
WIRED was able to download stories from publishers like The New York Times and The Atlantic using Poe’s Assistant bot. One expert calls it “prima facie copyright infringement,” which Quora disputes...
MAL-2024-1738 Malicious code in ai-chatbot-starter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af9d2068c841a174507d461d5d7113108623c8d971ee140701fe429feaf8e83c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Kognetiks Chatbot for WordPress < 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...