The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-05-08T13:58:05.324Z

Updated: 2024-08-02T05:57:24.765Z

Reserved: 2023-03-27T14:29:14.721Z

Link: CVE-2023-1660

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-05-08T14:15:13.173

Modified: 2024-11-21T07:39:38.397

Link: CVE-2023-1660

cve-icon Redhat

No data.