The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-05-08T13:58:05.324Z
Updated: 2024-08-02T05:57:24.765Z
Reserved: 2023-03-27T14:29:14.721Z
Link: CVE-2023-1660
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-05-08T14:15:13.173
Modified: 2024-11-21T07:39:38.397
Link: CVE-2023-1660
Redhat
No data.