The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-05-08T13:58:06.876Z

Updated: 2024-08-02T05:32:46.273Z

Reserved: 2023-02-24T10:36:58.523Z

Link: CVE-2023-1011

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-05-08T14:15:12.367

Modified: 2024-11-21T07:38:17.137

Link: CVE-2023-1011

cve-icon Redhat

No data.