The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-05-08T13:58:06.876Z
Updated: 2024-08-02T05:32:46.273Z
Reserved: 2023-02-24T10:36:58.523Z
Link: CVE-2023-1011
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-05-08T14:15:12.367
Modified: 2024-11-21T07:38:17.137
Link: CVE-2023-1011
Redhat
No data.