Описание
The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard
Уязвимые конфигурации
Конфигурация 1Версия до 4.4.9 (исключая)
cpe:2.3:a:quantumcloud:wpbot:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 54%
0.00312
Низкий
6.1 Medium
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 6.1
github
больше 2 лет назад
The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard
EPSS
Процентиль: 54%
0.00312
Низкий
6.1 Medium
CVSS3