8 matches found
CVE-2023-5606
The CVE-2023-5606 issue affects the WordPress Plugin ChatBot, specifically versions 4.8.6 through 4.9.6. The root cause is insufficient input sanitization and output escaping in the FAQ Builder, enabling Stored Cross-Site Scripting. Impact is limited to sites using multisite installations or with...
CVE-2023-4253
The CVE-2023-4253 entry concerns the WordPress plugin AI ChatBot (up to version 4.7.8). The issue is improper sanitisation/escaping of certain settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Public details in connected Red Hat and NVD ...
CVE-2023-2811
CVE-2023-2811 affects the AI ChatBot WordPress plugin (pre-4.5.6). The issue is due to insufficient sanitisation/escaping of numerous settings, allowing stored cross-site scripting that can impact all admins when configuring the chatbot and all users of the chatbot. The primary root cause is impr...
CVE-2023-1649
CVE-2023-1649 affects the AI ChatBot WordPress plugin prior to version 4.5.1. The flaw arises from insufficient sanitization/escaping of numerous settings, enabling Stored XSS by high-privilege users (e.g., admins), including in multisite configurations where unfiltered_html is disallowed. The vu...
CVE-2023-4254
The CVE-2023-4254 entry concerns the AI ChatBot WordPress plugin prior to version 4.7.8, which fails to sanitise/escape certain settings, enabling Stored XSS by high-privilege users (e.g., Admin) even when unfiltered_html is disallowed (such as in multisite). Public details in connected documents...
CVE-2023-2742
CVE-2023-2742 affects the AI ChatBot WordPress plugin (pre-4.5.5). The vulnerability is a stored XSS due to unsanitized/uncleaned settings in the admin UI, allowing an admin (high-privilege user) to inject scripts even when unfiltered_html is disallowed. Root cause: settings are not sanitized/esc...
CVE-2023-3175
The CVE-2023-3175 entry is supported by multiple connected documents describing a stored Cross-Site Scripting vulnerability in the AI ChatBot WordPress plugin prior to version 4.6.1. The issue arises because certain settings are not adequately escaped, allowing high-privilege users (e.g., admins)...
CVE-2025-0329
The CVE-2025-0329 entry concerns the AI ChatBot for WordPress (WPBot) plugin for WordPress, affected versions prior to 6.2.4. The root cause is insufficient sanitization and escaping of certain settings, which could enable stored cross-site scripting (XSS) by high-privilege users (e.g., admins), ...