CVE-2023-4253: Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder
First published: Mon Sep 04 2023(Updated: )
The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Credit: contact@wpscan.com contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Quantumcloud Ai Chatbot | <4.7.8 | |
| <4.7.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of the AI ChatBot WordPress plugin?
The vulnerability ID of the AI ChatBot WordPress plugin is CVE-2023-4253.
What is the severity of CVE-2023-4253?
The severity of CVE-2023-4253 is medium with a severity value of 4.8.
What is the affected software for CVE-2023-4253?
The affected software for CVE-2023-4253 is the AI ChatBot WordPress plugin before version 4.7.8.
What is the CWE category for CVE-2023-4253?
The CWE category for CVE-2023-4253 is CWE-79.
How can Stored Cross-Site Scripting (XSS) attacks be performed through CVE-2023-4253?
Stored Cross-Site Scripting (XSS) attacks can be performed through CVE-2023-4253 by high privilege users, such as admins, who can exploit the plugin's lack of sanitization and escaping in its settings.
- collector/nvd-index
- agent/author
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/title
- agent/references
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/tags
- agent/source
- vendor/quantumcloud
- canonical/quantumcloud ai chatbot