1134 matches found
CVE-2023-4253 Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder
The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2023-4253
The CVE-2023-4253 entry concerns the WordPress plugin AI ChatBot (up to version 4.7.8). The issue is improper sanitisation/escaping of certain settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Public details in connected Red Hat and NVD ...
CVE-2023-4254 Chatbot < 4.7.8 - Admin+ Stored XSS in Language Settings
The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2023-4254
The CVE-2023-4254 entry concerns the AI ChatBot WordPress plugin prior to version 4.7.8, which fails to sanitise/escape certain settings, enabling Stored XSS by high-privilege users (e.g., Admin) even when unfiltered_html is disallowed (such as in multisite). Public details in connected documents...
WordPress plugin AI ChatBot cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-28406 · WordPress · Ai Chatbot
Name of the Vulnerable Software and Affected Versions: AI ChatBot WordPress plugin versions prior to 4.7.8. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example, in a...
Malicious code in ductai-chatbot-community (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 27c77e0ede4c194a2280a25afb09eab42f56783293849e1ceb66bb39b6f62477 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
HackBot - A Simple Cli Chatbot Having Llama2 As Its Backend Chat AI
Welcome to HackBot, an AI-powered cybersecurity chatbot designed to provide helpful and accurate answers to your cybersecurity-related queries and also do code analysis and scan analysis. Whether you are a security researcher, an ethical hacker, or just curious about cybersecurity, HackBot is her...
WordPress ChatBot Plugin < 4.7.8 is vulnerable to Cross Site Scripting (XSS)
Software: ChatBot; Type: Plugin; Vulnerable versions: < 4.7.8; Fixed in: 4.7.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4253; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 1272ce44f1e5; Credits: Nguyen Hoang Nam; Required privileg...
WordPress ChatBot Plugin < 4.7.8 is vulnerable to Cross Site Scripting (XSS)
Software: ChatBot; Type: Plugin; Vulnerable versions: < 4.7.8; Fixed in: 4.7.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4254; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: c88c0ce63b6b; Credits: Bob Matyas; Required privilege...
Chatbot < 4.7.8 - Admin+ Stored XSS in Language Settings
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. PoC: 1. In the plugin settings, select...
Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. 1. Navigate to "WPBot Lite - Setting -...
Chatbot < 4.7.8 - Admin+ Stored XSS in Language Settings
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. 1. In the plugin settings, select "WPB...
Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. PoC: 1. Navigate to "WPBot Lite -...
Following WormGPT, FraudGPT Emerges for AI-Driven Cyber Crime
By Waqas. FraudGPT: Yet Another AI-Driven Chatbot Assisting Cybercriminals in Malicious Activities. This is a post from HackRead.com. Read the original post: Following WormGPT, FraudGPT Emerges for AI-Driven Cyber Crime...
Practice Your Security Prompting Skills
Gandalf is an interactive LLM game where the goal is to get the chatbot to reveal its password. There are eight levels of difficulty, as the chatbot gets increasingly restrictive instructions as to how it will answer. It's a great teaching tool. I am stuck on Level 7. Feel free to give hints and...
WordPress AI Tools - Chatbot, ChatGPT, Content Generator, Image Generator, Artificial Intelligence GPT Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: AI Tools - Chatbot, ChatGPT, Content Generator, Image Generator, Artificial Intelligence GPT; Type: Plugin; Vulnerable versions: <= 2.3.0; Fixed in: 3.0.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High (7.1); Developer...
WordPress My Chatbot Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software: My Chatbot; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 3b3dd31edbbb; Credits: Rafie Muhammad Patchstack; Required...