Lucene search
K

4 matches found

NVD
NVD
added 2023/06/19 11:15 a.m.30 views

CVE-2023-2742

The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS4.9AI score0.0047EPSS
Exploits2References1
CVE
CVE
added 2023/06/19 10:52 a.m.60 views

CVE-2023-2742

CVE-2023-2742 affects the AI ChatBot WordPress plugin (pre-4.5.5). The vulnerability is a stored XSS due to unsanitized/uncleaned settings in the admin UI, allowing an admin (high-privilege user) to inject scripts even when unfiltered_html is disallowed. Root cause: settings are not sanitized/esc...

4.8CVSS4.8AI score0.0047EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/06/19 10:52 a.m.26 views

CVE-2023-2742 AI ChatBot < 4.5.5 - Admin+ Stored Cross-Site Scripting

The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.1AI score0.0047EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/06/19 12:0 a.m.16 views

WordPress ChatBot Plugin < 4.5.5 is vulnerable to Cross Site Scripting (XSS)

Software ChatBot Type Plugin Vulnerable versions 4.5.5 Fixed in 4.5.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2742 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6cb42df0d8b5 Credits Hao Huynh Required privilege...

4.8CVSS5.8AI score0.0047EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder