Lucene search
HistoryJun 19, 2023 - 11:15 a.m.
CVE-2023-2742
ai chatbot
wordpress
plugin
cve-2023-2742
xss
security vulnerability
nvd
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
21.6%
The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Affected configurations
Node
quantumcloudai_chatbotRange<4.5.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| quantumcloud | ai_chatbot | * | cpe:2.3:a:quantumcloud:ai_chatbot:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "AI ChatBot",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "4.5.5"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
prion
prion
Cross site scripting
2023-06-19 11:15:00
wpvulndb
wpvulndb
AI ChatBot < 4.5.5 - Admin+ Stored Cross-Site Scripting
2023-05-22 00:00:00
nvd
nvd
CVE-2023-2742
2023-06-19 11:15:10
wpexploit
wpexploit
AI ChatBot < 4.5.5 - Admin+ Stored Cross-Site Scripting
2023-05-22 00:00:00
cvelist
cvelist
CVE-2023-2742 AI ChatBot < 4.5.5 - Admin+ Stored Cross-Site Scripting
2023-06-19 10:52:43
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
21.6%
Related for CVE-2023-2742