exploitDog

CVE-2023-1650

Опубликовано: 08 мая 2023

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog

Ссылки

https://wpscan.com/vulnerability/7d7fe498-0aa3-4fa7-b560-610b42b2abed
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/7d7fe498-0aa3-4fa7-b560-610b42b2abed
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:quantumcloud:wpbot:*:*:*:*:*:wordpress:*:*

Версия до 4.4.7 (исключая)

EPSS

Процентиль: 98%

0.46437

Средний

9.8 Critical

CVSS3

Дефекты

CWE-502

CWE-502

Связанные уязвимости

GHSA-5fh8-2chr-gvvq

CVSS3: 9.8

github

больше 2 лет назад

The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog

EPSS

Процентиль: 98%

0.46437

Средний

9.8 Critical

CVSS3

Дефекты

CWE-502

CWE-502