The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to Stored XSS
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-05-08T13:58:09.550Z
Updated: 2024-08-02T05:57:24.414Z
Reserved: 2023-03-27T09:57:35.493Z
Link: CVE-2023-1651
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-05-08T14:15:12.867
Modified: 2024-11-21T07:39:37.787
Link: CVE-2023-1651
Redhat
No data.