1134 matches found
WordPress plugin AI ChatBot Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-17146 · WordPress · Ai Chatbot
Name of the Vulnerable Software and Affected Versions: AI ChatBot WordPress plugin versions prior to 4.4.7. Description: The issue allows unauthenticated users to perform PHP Object Injection via an AJAX action, potentially exploiting the presence of a suitable gadget on the blog. This is achieved...
PT-2023-16687 · WordPress · Ai Chatbot
Name of the Vulnerable Software and Affected Versions: AI ChatBot WordPress plugin versions prior to 4.4.5. Description: The issue concerns the AI ChatBot WordPress plugin, which does not properly escape most of its settings before outputting them in the dashboard and lacks a proper CSRF check. Th...
PT-2023-17145 · WordPress · Ai Chatbot
Name of the Vulnerable Software and Affected Versions: AI ChatBot WordPress plugin versions prior to 4.5.1. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered_html capability is disallowed, for...
WordPress ChatBot Plugin <= 4.4.8 is vulnerable to Cross Site Scripting (XSS)
Software: ChatBot · Type: Plugin · Vulnerable versions: <= 4.4.8 · Fixed in: 4.4.9 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-1651 · Patch priority: High · CVSS severity: High (6.5) · PSID: 0fe1f44f2072 · Credits: Erwan LR · Required privilege...
WordPress ChatBot Plugin <= 4.4.8 is vulnerable to Cross Site Scripting (XSS)
Software: ChatBot · Type: Plugin · Vulnerable versions: <= 4.4.8 · Fixed in: 4.4.9 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-1660 · Patch priority: High · CVSS severity: High (7.1) · PSID: 427a28b8a8ff · Credits: Erwan LR · Required privilege...
WordPress ChatBot Plugin <= 4.4.4 is vulnerable to Cross Site Scripting (XSS)
Software: ChatBot · Type: Plugin · Vulnerable versions: <= 4.4.4 · Fixed in: 4.4.5 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-1011 · Patch priority: Low · CVSS severity: Low (7.1) · PSID: b672166ed65f · Credits: Erwan LR · Required privilege...
WordPress Blog Navigator Chatbot by Xatkit Plugin <= 4.4.9 is vulnerable to Cross Site Scripting (XSS)
Software: Blog Navigator Chatbot by Xatkit · Type: Plugin · Vulnerable versions: <= 4.4.9 · Fixed in: 4.5.1 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-1649 · Patch priority: Low · CVSS severity: Low (5.9) · PSID: 73a888678fc8 · Credits: Erwan L...
WordPress ChatBot Plugin <= 4.4.6 is vulnerable to PHP Object Injection
Software: ChatBot · Type: Plugin · Vulnerable versions: <= 4.4.6 · Fixed in: 4.4.7 · OWASP Top 10: A1: Injection · Classification: PHP Object Injection · CVE: CVE-2023-1650 · Patch priority: High · CVSS severity: High (5.4) · PSID: 84bd0e4874e7 · Credits: Erwan LR · Required privilege: Unauthenticated...
WordPress Blog Navigator Chatbot by Xatkit Plugin <= 4.4.9 is vulnerable to Cross Site Scripting (XSS)
Software: Blog Navigator Chatbot by Xatkit · Type: Plugin · Vulnerable versions: <= 4.4.9 · Fixed in: 4.5.1 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: N/A · Patch priority: Low · CVSS severity: Low (5.9) · PSID: c4687eb6e786 · Credits: Unknown · Required...
ChatBot < 4.4.9 - Unauthenticated Stored XSS
The plugin does not have authorisation and CSRF checks in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard. PoC: curl -X POST --data 'qcbotstrweight=" style=animation-name:rotati...
ChatBot < 4.4.5 - Stored XSS via CSRF
The plugin does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged-in admin set XSS payloads in them. Note: v4.4.5 fixed the CSRF issue; the lack of escaping was fixed in 4.5.1, and a separate iss...
ChatBot < 4.4.9 - Subscriber+ OpenAI Settings Update to Stored XSS
The plugin does not have authorisation and CSRF checks in the AJAX action responsible for updating the OpenAI settings, allowing any authenticated user, such as a subscriber, to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to Stored XSS. PoC: Run the below command...
ChatBot < 4.5.1 - Admin+ Stored XSS
The plugin does not sanitise and escape numerous of its settings, which could allow high privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. Put the following payload in the Your Company ...
ChatBot < 4.4.7 - Unauthenticated PHP Object Injection
The plugin unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog. To simulate a gadget chain, put the following code in a plugin: class Evil public function...
ChatBot < 4.5.1 - Admin+ Stored XSS
The plugin does not sanitise and escape numerous of its settings, which could allow high privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. PoC: Put the following payload in the Your...
ChatBot < 4.4.7 - Unauthenticated PHP Object Injection
The plugin unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog. PoC: To simulate a gadget chain, put the following code in a plugin: class Evil public functio...
ChatBot < 4.4.9 - Unauthenticated Stored XSS
The plugin does not have authorisation and CSRF checks in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard. curl -X POST --data 'qcbotstrweight=" style=animation-name:rotation...