logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2023-1651

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2023-1651

Description:
The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to Stored XSS
Last updated date:
05/11/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
05/11/2023
Reference url to background

https://wpscan.com/vulnerability/c88b22ba-4fc2-49ad-a457-224157521bad

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy