2 matches found
CVE-2023-1651
The CVE-2023-1651 entry concerns the WordPress plugin AI ChatBot prior to version 4.4.9. The vulnerability arises from missing authorization and CSRF protection in the AJAX action used to update OpenAI settings, allowing any authenticated user (e.g., subscribers) to modify settings. Additionally,...
WordPress ChatBot Plugin <= 4.4.8 is vulnerable to Cross Site Scripting (XSS)
Software ChatBot Type Plugin Vulnerable versions = 4.4.8 Fixed in 4.4.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1651 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 0fe1f44f2072 Credits Erwan LR Required privilege...