CVE-2023-24415: WordPress AI ChatBot plugin <= 4.2.8 is vulnerable to Cross Site Request Forgery (CSRF)
First published: Thu Feb 23 2023(Updated: )
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud ChatBot ? plugin <= 4.2.8 versions.
Credit: audit@patchstack.com audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Quantumcloud Chatbot | <4.2.9 |
Remedy
Update to 4.2.9 or a higher version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-24415?
The severity of CVE-2023-24415 is high with a CVSS score of 8.8.
How does the Cross-Site Request Forgery (CSRF) vulnerability affect QuantumCloud ChatBot plugin?
The Cross-Site Request Forgery (CSRF) vulnerability affects QuantumCloud ChatBot plugin versions <= 4.2.8.
How can I mitigate the Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud ChatBot plugin?
To mitigate the Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud ChatBot plugin, update to version 4.2.9 or later.
What is the Common Weakness Enumeration (CWE) ID for CVE-2023-24415?
The Common Weakness Enumeration (CWE) ID for CVE-2023-24415 is CWE-352.
Where can I find more information about the Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud ChatBot plugin?
More information about the Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud ChatBot plugin can be found at https://patchstack.com/database/vulnerability/chatbot/wordpress-chatbot-plugin-4-2-8-cross-site-request-forgery-csrf?_s_id=cve.
- collector/nvd-index
- collector/mitre-cve
- collector/nvd-api
- agent/title
- agent/severity
- agent/author
- agent/references
- vendor/quantumcloud
- canonical/quantumcloud chatbot