1134 matches found
CVE-2023-24415
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.2.8 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.2.8 versions...
CVE-2023-24415
CVE-2023-24415 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress ChatBot/QuantumCloud AI ChatBot plugin versions <= 4.2.8. The NVD entry details a high-impact issue (CVSS v3.1: 8.8, HIGH) with network attack vector, no privileges required, user interaction required, ...
CVE-2023-24415 WordPress AI ChatBot plugin <= 4.2.8 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.2.8 versions...
ChatBot < 4.3.0 - Settings Reset via CSRF
The plugin does not have a CSRF check when resetting its settings, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack...
WordPress Plugin ChatBot Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
PT-2023-19576 · Unknown · Quantumcloud Ai Chatbot Plugin
Name of the Vulnerable Software and Affected Versions: QuantumCloud AI ChatBot plugin versions <= 4.2.8. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...
MAL-2023-668 Malicious code in paysafe-wac-web-chatbot-lib-fe (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 607c4692c6a631f5514a914240622977d22fb3fbc467f6bdc0b132532b3454b6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress ChatBot Plugin <= 4.2.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: ChatBot; Type: Plugin; Vulnerable versions: <= 4.2.8; Fixed in: 4.2.9; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-24415; Patch priority: Low; CVSS severity: Low (5.4); PSID: 56586a24f6dd; Credits: Rafshanzani Suhada; Required...
WordPress ChatBot Plugin <= 4.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: ChatBot; Type: Plugin; Vulnerable versions: <= 4.3.0; Fixed in: 4.3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-47613; Patch priority: Low; CVSS severity: Low (5.9); PSID: 55e5078b9db7; Credits: Rafshanzani Suhada; Required...
WordPress Conversational Forms for ChatBot Plugin <= 1.1.6 is vulnerable to Cross Site Scripting (XSS)
Software: Conversational Forms for ChatBot; Type: Plugin; Vulnerable versions: <= 1.1.6; Fixed in: 1.1.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23981; Patch priority: Low; CVSS severity: Low (5.9); PSID: 1354354e56fe; Credits: Rio...
Conversational Forms for ChatBot < 1.1.7 - Admin+ Stored XSS
The plugin does not sanitise and escape a form name, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
ChatGPT-Written Malware
I don't know how much of a thing this will end up being, but we are seeing ChatGPT-written malware in the wild. …within a few weeks of ChatGPT going live, participants in cybercrime forums--some with little or no coding experience--were using it to write software and emails that could be used fo...
ChatBot < 4.2.9 - Unauthenticated Settings Reset
The plugin does not have authorisation and CSRF checks when resetting its settings via an AJAX action available to unauthenticated users, which could allow unauthenticated attackers to reset the plugin's settings https://example.com/wp-admin/admin-ajax.php?action=qcldwbchatbootdeletealloptions...
ChatBot < 4.2.9 - Unauthenticated Settings Reset
The plugin does not have authorisation and CSRF checks when resetting its settings via an AJAX action available to unauthenticated users, which could allow unauthenticated attackers to reset the plugin's settings. PoC: https://example.com/wp-admin/admin-ajax.php?action=qcldwbchatbootdeletealloptions...
This Chatbot Aims to Steer People Away From Child Abuse Material
Pornhub is trialing a new automated tool that pushes CSAM-searchers to seek help for their online behavior. Will it work?...
Now it's BlenderBot's turn to make shocking, inappropriate, and untrue remarks
Last Friday, Meta unveiled its new BlenderBot 3 AI chatbot, a conversational AI prototype. The company said its chatbot is designed to learn by having natural conversations with people online. It also improves its skills via human feedback. Meta also asserts with confidence that the more the AI...
bda-chatbot (>=0.0.1 <=1.0.0), cloudbase-init (>=1.1.0 <=1.1.2) +2 more potentially affected by CVE-2022-33977 via untangle (=1.1.1)
untangle PYPI version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on untangle and may be impacted: - bda-chatbot =0.0.1, =1.1.0, =0.1.2, =1.0.0, =1.0.1 Source cves: CVE-2022-33977 Source advisory: OSV:GHSA-7XR3-6GGC-WC9P...
bda-chatbot (>=0.0.1 <=1.0.0), cloudbase-init (>=1.1.0 <=1.1.2) +2 more potentially affected by CVE-2022-31471 via untangle (=1.1.1)
untangle PYPI version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on untangle and may be impacted: - bda-chatbot =0.0.1, =1.1.0, =0.1.2, =1.0.0, =1.0.1 Source cves: CVE-2022-31471 Source advisory: OSV:GHSA-F83Q-2CP7-QRJG...
bda-chatbot (>=0.0.1 <=1.0.0), cloudbase-init (>=1.1.0 <=1.1.2) +2 more potentially affected by CVE-2022-31471 via untangle (=1.1.1)
untangle PYPI version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on untangle and may be impacted: - bda-chatbot =0.0.1, =1.1.0, =0.1.2, =1.0.0, =1.0.1 Source cves: CVE-2022-31471 Source advisory: OSV:PYSEC-2022-244...