8 matches found
CVE-2023-5533
The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions tha...
AI ChatBot < 4.9.3 - Missing authorization in AJAX calls
Description The plugin does not check capabilities when processing AJAX actions, allowing unauthenticated attackers to perform actions intended for higher privileged users. This vulnerability is the same as CVE-2023-5533 but was reintroduced in version 4.9.2...
CVE-2023-5533
creationtimestamp| type| source ---|---|--- 2023-10-20 12:41:28+00:00| seen| https://t.me/cibsecurity/72684...
CVE-2023-5656
Rejected reason: REJECT DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-5533. Reason: This record is a reservation duplicate of CVE-2023-5533. Notes: All CVE users should reference CVE-2023-5533 instead of this record. All references and descriptions in this record have been removed to prevent...
CVE-2023-5533
The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions tha...
CVE-2023-5533
CVE-2023-5533 affects the WordPress AI ChatBot plugin. The vulnerability arises from missing capability checks on multiple AJAX actions, allowing unauthenticated users to invoke actions intended for higher-privileged users. Affected versions are up to and including 4.8.9 and also 4.9.2. Wordfence...
CVE-2023-5533 AI ChatBot <= 4.8.9 and 4.9.2 - Missing Authorization on AJAX actions
The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions tha...
WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Broken Access Control
Software ChatBot Type Plugin Vulnerable versions = 4.8.9 Fixed in 4.9.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5533 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID ffa27d384955 Credits Marco Wotschka Required privilege...