Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:43 a.m.6 views

CVE-2023-5533

The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions tha...

9.8CVSS5.9AI score0.00531EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/10/24 12:0 a.m.18 views

AI ChatBot < 4.9.3 - Missing authorization in AJAX calls

Description The plugin does not check capabilities when processing AJAX actions, allowing unauthenticated attackers to perform actions intended for higher privileged users. This vulnerability is the same as CVE-2023-5533 but was reintroduced in version 4.9.2...

9.4AI score0.00531EPSS
Exploits0References1Affected Software1
Circl
Circl
added 2023/10/20 12:41 p.m.6 views

CVE-2023-5533

creationtimestamp| type| source ---|---|--- 2023-10-20 12:41:28+00:00| seen| https://t.me/cibsecurity/72684...

9.8CVSS8.7AI score0.00531EPSS
Exploits0References1
NVD
NVD
added 2023/10/20 8:15 a.m.25 views

CVE-2023-5656

Rejected reason: REJECT DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-5533. Reason: This record is a reservation duplicate of CVE-2023-5533. Notes: All CVE users should reference CVE-2023-5533 instead of this record. All references and descriptions in this record have been removed to prevent...

7.3AI score
Exploits0
NVD
NVD
added 2023/10/20 8:15 a.m.37 views

CVE-2023-5533

The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions tha...

9.8CVSS6.2AI score0.00531EPSS
Exploits0References2
CVE
CVE
added 2023/10/20 7:29 a.m.70 views

CVE-2023-5533

CVE-2023-5533 affects the WordPress AI ChatBot plugin. The vulnerability arises from missing capability checks on multiple AJAX actions, allowing unauthenticated users to invoke actions intended for higher-privileged users. Affected versions are up to and including 4.8.9 and also 4.9.2. Wordfence...

9.8CVSS9.2AI score0.00531EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/10/20 7:29 a.m.43 views

CVE-2023-5533 AI ChatBot <= 4.8.9 and 4.9.2 - Missing Authorization on AJAX actions

The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions tha...

5.3CVSS9.4AI score0.00531EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/10/12 12:0 a.m.30 views

WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Broken Access Control

Software ChatBot Type Plugin Vulnerable versions = 4.8.9 Fixed in 4.9.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5533 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID ffa27d384955 Credits Marco Wotschka Required privilege...

9.8CVSS6.5AI score0.00531EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder