Описание
The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions that were intended for higher privileged users.
Ссылки
- Patch
- ProductThird Party Advisory
- Patch
- ProductThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.8.9 (включая)
Одно из
cpe:2.3:a:quantumcloud:wpbot:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:quantumcloud:wpbot:4.9.2:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 58%
0.00362
Низкий
5.3 Medium
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 5.3
github
больше 2 лет назад
The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9. This makes it possible for unauthenticated attackers to perform some of those actions that were intended for higher privileged users.
EPSS
Процентиль: 58%
0.00362
Низкий
5.3 Medium
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-862