CVE-2023-5534

Опубликовано: 20 окт. 2023

Источник: nvd

CVSS3: 4.3

CVSS3: 5.4

EPSS Низкий

Описание

The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:quantumcloud:wpbot:*:*:*:*:*:wordpress:*:*

Версия до 4.8.9 (включая)

cpe:2.3:a:quantumcloud:wpbot:4.9.2:*:*:*:*:wordpress:*:*

EPSS

Процентиль: 19%

0.0006

Низкий

4.3 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-8cfv-g2mq-hrpw

CVSS3: 4.3

github

больше 2 лет назад

The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

EPSS

Процентиль: 19%

0.0006

Низкий

4.3 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-352