Описание
The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This vulnerability is the same as CVE-2023-5534, but was reintroduced in version 4.9.2.
The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This vulnerability is the same as CVE-2023-5534, but was reintroduced in version 4.9.2.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-5655
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2981113%40chatbot%2Ftrunk&old=2980494%40chatbot%2Ftrunk&sfp_email=&sfph_mail=#file5
- https://www.wordfence.com/threat-intel/vulnerabilities/id/d3432862-6d86-4f37-a9df-70b48b0af8df?source=cve
Связанные уязвимости
Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-5534. Reason: This record is a reservation duplicate of CVE-2023-5534. Notes: All CVE users should reference CVE-2023-5534 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.