Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 8:27 a.m.3 views

CVE-2024-5993

The Cliengo – Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatesession' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

5.4CVSS5.9AI score0.00465EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/09 8:33 a.m.22 views

CVE-2024-5993 Cliengo - Chatbot <= 3.0.2 - Missing Authorization to Authorized (Subscriber+) Chatbot Settings Update

The Cliengo – Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatesession' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

5.4CVSS0.00465EPSS
Exploits0References2
CVE
CVE
added 2024/07/09 8:33 a.m.45 views

CVE-2024-5993

CVE-2024-5993 (Cliengo – Chatbot plugin for WordPress) affects all versions up to 3.0.1. Red Hat’s entry indicates the root cause is a missing capability check in the update_session function, enabling authenticated users with Subscriber-level access and above to modify the chatbot session token. ...

5.4CVSS5.9AI score0.00465EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/07/09 12:0 a.m.10 views

WordPress Cliengo – Chatbot Plugin <= 3.0.1 is vulnerable to Broken Access Control

Software Cliengo – Chatbot Type Plugin Vulnerable versions = 3.0.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5993 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 950b128377a0 Credits Lucio Sá Required privilege...

5.4CVSS6.6AI score0.00465EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder