CVE-2023-1660: ChatBot < 4.4.9 - Unauthenticated Stored XSS
First published: Mon May 08 2023(Updated: )
The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Quantumcloud Ai Chatbot | <4.4.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of the AI ChatBot WordPress plugin?
The vulnerability ID of the AI ChatBot WordPress plugin is CVE-2023-1660.
What is the severity of CVE-2023-1660?
CVE-2023-1660 has a severity rating of medium (6.1).
What does CVE-2023-1660 allow unauthenticated users to do?
CVE-2023-1660 allows unauthenticated users to update certain settings, leading to Stored XSS (Cross-Site Scripting) in the admin dashboard.
How can the AI ChatBot WordPress plugin vulnerability be fixed?
To fix the AI ChatBot WordPress plugin vulnerability (CVE-2023-1660), update to version 4.4.9 or later.
What are the Common Weakness Enumeration (CWE) categories associated with CVE-2023-1660?
The Common Weakness Enumeration (CWE) categories associated with CVE-2023-1660 are CWE-79 (Improper Neutralization of Input During Web Page Generation) and CWE-352 (Cross-Site Request Forgery (CSRF)).
- collector/nvd-latest
- collector/nvd-index
- agent/type
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/title
- agent/references
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/tags
- agent/source
- vendor/quantumcloud
- canonical/quantumcloud ai chatbot