CVE-2023-1011: ChatBot < 4.4.5 - Stored XSS via CSRF
First published: Mon May 08 2023(Updated: )
The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Quantumcloud Ai Chatbot | <4.4.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the AI ChatBot WordPress plugin?
The vulnerability ID for the AI ChatBot WordPress plugin is CVE-2023-1011.
What is the severity rating of CVE-2023-1011?
CVE-2023-1011 has a severity rating of medium (6.1).
What does the AI ChatBot WordPress plugin vulnerability allow attackers to do?
The vulnerability allows attackers to make a logged-in admin set XSS payloads in the plugin's settings.
Is there a fix available for CVE-2023-1011?
Yes, the fix for CVE-2023-1011 is to update the AI ChatBot WordPress plugin to version 4.4.5 or newer.
Where can I find more information about CVE-2023-1011?
More information about CVE-2023-1011 can be found at: https://wpscan.com/vulnerability/d1784446-b3da-4175-9dac-20b030f19984
- collector/nvd-latest
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- agent/source
- vendor/quantumcloud
- canonical/quantumcloud ai chatbot