WordPress plugin qubotchat 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

WordPress plugin qubotchat 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

WordPress QuBotChat Plugin < 1.1.6 is vulnerable to Cross Site Scripting (XSS)

Software QuBotChat Type Plugin Vulnerable versions 1.1.6 Fixed in 1.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2401 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 10e03bd32db6 Credits Bob Matyas Required privilege...

Qubotchat < 1.1.6 – Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Add a "button" to the chatbot 2. In the "Text...

qubotchat < 1.1.6 - Unauthenticated Stored XSS

The plugin doesn't filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard. 1. Enter " as the malicious payload into the chatbot input. 2. See XSS vulnerability...

WordPress QuBotChat Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)

Software QuBotChat Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2399 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 9f1b3d64b154 Credits Rafael B. Required privilege...