wpexploit | Hao Huynh | WPEX-ID: F689442A-A851-4140-A10C-AC579F9DA142
History: May 22, 2023 - 12:00 a.m.

AI ChatBot < 4.5.5 - Admin+ Stored Cross-Site Scripting

2023-05-22 00:00:00
Hao Huynh
Tags: ai chatbot, version 4.5.5, admin+ access, stored cross-site scripting, plugin settings, wpbot lite, simple text responses, payload, test query, alert, xss, exploit

EPSS: 0.001 (Low), percentile 21.5%

The plugin does not sanitize its "Simple Text Responses" settings on save and does not escape them when they are echoed back into the settings form, so a high-privilege user such as an admin can store a payload that executes in the browser of anyone who views the page. This works even when the unfiltered_html capability is disallowed (for example on multisite, or with DISALLOW_UNFILTERED_HTML set), because plugin option values are not passed through WordPress's KSES filtering.

1. Go to plugin settings under "WPBot Lite > Simple Text Responses"
2. Enter the payload `Test Query" onmouseover="alert(1)"` for the Query, Keyword, and/or Intent fields.
3. Save settings. When the page reloads, the stored value is written unescaped into the double-quoted value attribute of each field, so the `"` closes the attribute and `onmouseover="alert(1)"` becomes a real event handler; move your mouse over the field to trigger the alert.
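The steps above depend on a settings value being stored as-is and then echoed into an HTML attribute without escaping. The PHP below is an added illustration, not code from the AI ChatBot / WPBot plugin: it places that vulnerable rendering pattern beside a hardened version that registers a sanitize_callback on save and escapes on output. The option and field names, the two render functions and the `wpbot_lite_` prefix are assumptions; the `esc_attr` and `sanitize_text_field` shims exist only so the file also runs under a plain `php` CLI outside WordPress, where the real functions are absent.

```php
<?php
// Added example for this advisory; not the plugin's own code.
// Option/field names below are hypothetical.

// Shims so the file runs outside WordPress. Inside WordPress the real
// functions exist and these definitions are skipped.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        // Real esc_attr() also uses ENT_QUOTES, so both " and ' are encoded.
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('sanitize_text_field')) {
    function sanitize_text_field($str) {
        // Approximation of the real function: strips tags, collapses whitespace.
        // Note that it does NOT remove quote characters, which is why
        // sanitizing on save alone does not stop an attribute breakout.
        $str = strip_tags((string) $str);
        return trim(preg_replace('/[\r\n\t ]+/', ' ', $str));
    }
}

// Vulnerable pattern: the stored option is concatenated straight into a
// double-quoted attribute. A value containing '"' closes the attribute and
// everything after it is parsed as further attributes (e.g. onmouseover=).
function render_query_field_vulnerable($stored_value) {
    return '<input type="text" name="wpbot_lite_query" value="' . $stored_value . '">';
}

// Hardened pattern: escape at the point of output, in the attribute context.
// esc_attr() turns '"' into '&quot;', so the payload stays inside the value.
function render_query_field_hardened($stored_value) {
    return '<input type="text" name="wpbot_lite_query" value="' . esc_attr($stored_value) . '">';
}

// Hardened save path (only wired up when running inside WordPress):
// register the option with a sanitize_callback so tag-based payloads are
// stripped before they ever reach the database. Output escaping above is
// still required; sanitizing alone leaves quote characters intact.
if (function_exists('add_action')) {
    add_action('admin_init', function () {
        register_setting('wpbot_lite_options', 'wpbot_lite_query', [
            'type'              => 'string',
            'sanitize_callback' => 'sanitize_text_field',
        ]);
    });
}

// Demonstration with the advisory's PoC string (constructed input).
$payload = 'Test Query" onmouseover="alert(1)"';

echo "Vulnerable: ", render_query_field_vulnerable($payload), "\n";
// -> value="Test Query" onmouseover="alert(1)""   (handler is live)

echo "Hardened:   ", render_query_field_hardened($payload), "\n";
// -> value="Test Query&quot; onmouseover=&quot;alert(1)&quot;"   (inert text)

// Show that sanitizing on save alone still leaves the breakout possible.
echo "Sanitized only: ", render_query_field_vulnerable(sanitize_text_field($payload)), "\n";
```

Run it with `php example.php`; the third line shows that `sanitize_text_field` keeps the quotes, so the fix that actually closes this class of bug is the `esc_attr()` call at output (or `esc_html()`/`esc_js()` in the matching context), with sanitization on save as defence in depth.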

