3 matches found
CVE-2023-1650 ChatBot < 4.4.7 - Unauthenticated PHP Object Injection
The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog...
CVE-2023-1650
The CVE-2023-1650 entry concerns the AI ChatBot WordPress plugin (before 4.4.7). The vulnerability arises from unserializing user input stored in cookies via an AJAX action accessible to unauthenticated users, enabling PHP Object Injection if a compatible gadget is present. Affected software: Wor...
WordPress ChatBot Plugin <= 4.4.6 is vulnerable to PHP Object Injection
Software ChatBot Type Plugin Vulnerable versions = 4.4.6 Fixed in 4.4.7 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-1650 Patch priority High CVSS severity High 5.4 Developer Claim ownership PSID 84bd0e4874e7 Credits Erwan LR Required privilege Unauthenticated...