4 matches found
CVE-2023-2742
The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2023-2742
CVE-2023-2742 affects the AI ChatBot WordPress plugin (pre-4.5.5). The vulnerability is a stored XSS due to unsanitized/uncleaned settings in the admin UI, allowing an admin (high-privilege user) to inject scripts even when unfiltered_html is disallowed. Root cause: settings are not sanitized/esc...
CVE-2023-2742 AI ChatBot < 4.5.5 - Admin+ Stored Cross-Site Scripting
The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
WordPress ChatBot Plugin < 4.5.5 is vulnerable to Cross Site Scripting (XSS)
Software ChatBot Type Plugin Vulnerable versions 4.5.5 Fixed in 4.5.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2742 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6cb42df0d8b5 Credits Hao Huynh Required privilege...