CVE-2024-5993

The Cliengo – Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatesession' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

WordPress Cliengo – Chatbot Plugin <=3.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Cliengo – Chatbot Type Plugin Vulnerable versions =3.0.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37923 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 8fb75aa7c641 Credits Majed Refaea Require...