Vulnerability — CVE-2023-1011

CVE-2023-1011

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2023-1011
Description:: The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them.
Last updated date:: 05/12/2023

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/12/2023
Reference url to background: https://wpscan.com/vulnerability/d1784446-b3da-4175-9dac-20b030f19984