5.4
CVE-2023-1651
- EPSS 0.24%
- Veröffentlicht 08.05.2023 14:15:12
- Zuletzt bearbeitet 12.05.2025 15:09:58
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginChatBot < 4.4.9 - Subscriber+ OpenAI Settings Update to Stored XSS
ChatBot <= 4.4.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via openai_settings_option_callback
The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to Stored XSS
Mögliche Gegenmaßnahme
WPBot – AI ChatBot for Live Support, Lead Generation, AI Services: Update to version 4.4.9, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Quantumcloud ≫ Wpbot SwPlatformwordpress Version < 4.4.9
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WPBot – AI ChatBot for Live Support, Lead Generation, AI Services
Version
*-4.4.8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.151 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
https://wpscan.com/vulnerability/c88b22ba-4fc2-49ad-a457-224157521bad
https://www.wordfence.com/threat-intel/vulnerabilities/id/d69cfed9-7369-40f3-b9a7-0cf2430e8eed