5 matches found

Patchstack
added 2024/09/25 12:0 a.m., 10 views

WordPress SmartSearch WP Plugin < 2.4.6 is vulnerable to Sensitive Data Exposure

Software: SmartSearch WP; Type: Plugin; Vulnerable versions: < 2.4.6; Fixed in: 2.4.6; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-6845; Patch priority: Medium; CVSS severity: Medium 5.8; Developer: Claim ownership; PSID: e581162ffbea; Credits: Kieran Burge; Required...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.21596
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2024/08/20 6:0 a.m., 18 views

CVE-2024-6847 SmartSearch WP <= 2.4.4 - Unauthenticated SQLi

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users when submitting messages to the chatbot...

AI score: 7.9 | EPSS: 0.02149
Exploits: 1 | References: 1

Patchstack
added 2024/08/20 12:0 a.m., 8 views

WordPress SmartSearch WP Plugin <= 2.4.4 is vulnerable to SQL Injection

Software: SmartSearch WP; Type: Plugin; Vulnerable versions: <= 2.4.4; Fixed in: 2.4.5; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-6847; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: 2bfe1eee61ea; Credits: Karolis Narvilas; Required privilege: Unauthenticat...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.02149
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2024/08/19 6:0 a.m., 12 views

CVE-2024-6843 SmartSearch WP <= 2.4.4 - Unauthenticated Stored XSS

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not sanitise and escape user inputs, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins...

AI score: 6.2 | EPSS: 0.01801
Exploits: 1 | References: 1

Patchstack
added 2024/08/19 12:0 a.m., 11 views

WordPress SmartSearch WP Plugin <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)

Software: SmartSearch WP; Type: Plugin; Vulnerable versions: <= 2.4.4; Fixed in: 2.4.5; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-6843; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 29f289a57217; Credits: Karolis Narvilas...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.01801
Exploits: 1 | References: 4 | Affected Software: 1