Cross-Site Request Forgery Vulnerability in AI ChatBot Plugin for WordPress
CVE-2023-5534
5.4MEDIUM
Summary
The AI ChatBot plugin for WordPress is susceptible to Cross-Site Request Forgery due to improper nonce validation in versions 4.8.9 and 4.9.2. This vulnerability allows unauthenticated attackers to execute malicious requests by tricking a site administrator into clicking a crafted link, potentially compromising site integrity. It is essential for users to update to the latest version to mitigate this security risk.
Affected Version(s)
AI ChatBot * <= 4.8.9
AI ChatBot 4.9.2
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Marco Wotschka