1134 matches found
CVE-2024-35738
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kognetiks Kognetiks Chatbot for WordPress allows Stored XSS. This issue affects Kognetiks Chatbot for WordPress: from n/a through 1.9.8...
CVE-2024-35738
CVE-2024-35738 is a Stored XSS vulnerability in Kognetiks Chatbot for WordPress, affecting versions up to 1.9.8 (no public details beyond this; initial and Red Hat entries confirm the issue). No exploit vectors or remediation steps are provided in the supplied documents.
WordPress plugin Kognetiks Chatbot for WordPress cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2024-26690 · Kognetiks · Kognetiks Chatbot For Wordpress
Name of the Vulnerable Software and Affected Versions: Kognetiks Chatbot for WordPress versions 1.9.8 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), allowing Stored XSS. This can be exploited by...
WordPress Kognetiks Chatbot for WordPress plugin <= 1.9.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin Kognetiks Chatbot for WordPress versions <= 1.9.8...
AnythingLLM Cross-Site Scripting Vulnerability
AnythingLLM is a document chatbot that meets business requirements. AnythingLLM suffers from a cross-site scripting vulnerability that stems from the presence of a stored cross-site scripting (XSS) vulnerability...
AnythingLLM Authorization Issues Vulnerability
AnythingLLM is a document chatbot that meets business requirements. AnythingLLM has an authorization issue vulnerability that stems from the presence of an improper authorization vulnerability...
AnythingLLM Input Validation Error Vulnerability
AnythingLLM is a document chatbot that meets business requirements. An input validation error vulnerability exists in AnythingLLM that stems from the application failing to properly validate user input before passing it to prisma functions and other critical operations...
AnythingLLM Resource Management Error Vulnerability
AnythingLLM is a document chatbot that meets business requirements. AnythingLLM suffers from a resource management error vulnerability that stems from a denial of service that can be caused by uploading a large number of invalid files...
AnythingLLM Security Vulnerability
AnythingLLM is a document chatbot that meets business requirements. A security vulnerability exists in AnythingLLM that originates from the possibility of brute-force decompression...
WordPress Kognetiks Chatbot for WordPress Plugin <= 1.9.8 is vulnerable to Cross Site Scripting (XSS)
Software: Kognetiks Chatbot for WordPress
Type: Plugin
Vulnerable versions: <= 1.9.8
Fixed in: 1.9.9
OWASP Top 10: A3: Injection
Classification: Cross Site Scripting (XSS)
CVE: CVE-2024-35738
Patch priority: Low
CVSS severity: Low (6.5)
PSID: 6c63d9b849d8
Credits: LVT-tholv2k
Required...
CVE-2024-0451
The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to lis...
CVE-2024-0452
The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above...
CVE-2024-0453
The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above...
CVE-2024-0453 AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_delete_callback
The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above...
CVE-2024-0452 AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_upload_callback
The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above...
CVE-2024-0452
The CVE-2024-0452 entry for the AI ChatBot for WordPress (WPBot) is confirmed with concrete details: the vulnerability is a missing capability check in openai_file_upload_callback across all versions up to 5.3.4, allowing authenticated users with subscriber-level access or higher to upload files ...
CVE-2024-0453
CVE-2024-0453 describes a vulnerability in the WordPress plugin AI ChatBot for WordPress (WPBot) where a missing capability check in openai_file_delete_callback allows authenticated users with subscriber-level access and above to delete files from a linked OpenAI account. The issue affects all ve...