CVE-2023-2399
The CVE-2023-2399 entry concerns the QuBot WordPress plugin. Affected version: prior to 1.1.6. Root cause: the plugin fails to filter user input in chat, allowing unauthenticated users to inject code that is reflected in the user dashboard (stored XSS). Documented impact: described as Unauthentic...
CVE-2023-2401
CVE-2023-2401 affects QuBotChat (QuBot WordPress plugin) prior to version 1.1.6. The issue is due to insufficient sanitisation/escaping of certain settings, enabling stored XSS by high-privilege users (e.g., admins) in scenarios like multisite. A fix is available in version 1.1.6. Public details ...