CVE-2023-5534

EPSS 0.21%
Veröffentlicht 20.10.2023 08:15:13
Zuletzt bearbeitet 08.04.2026 18:18:29
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

AI ChatBot <= 4.8.9 and 4.9.2 - Cross-Site Request Forgery on AJAX actions

The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Mögliche Gegenmaßnahme

WPBot – AI ChatBot for Live Support, Lead Generation, AI Services: Update to one of the following versions, or a newer patched version: 4.9.1, 4.9.3

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Quantumcloud ≫ Wpbot SwPlatformwordpress Version <= 4.8.9

Quantumcloud ≫ Wpbot Version4.9.2 SwPlatformwordpress

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt WPBot – AI ChatBot for Live Support, Lead Generation, AI Services

Version *-4.8.9

Version 4.9.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.105

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
security@wordfence.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/846bd929-45cd-4e91-b232-ae16dd2b12a0?source=cve

Third Party Advisory

Product

https://www.wordfence.com/threat-intel/vulnerabilities/id/846bd929-45cd-4e91-b232-ae16dd2b12a0

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-5534

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-5534

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-5534

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-5534