Stored Cross-Site Scripting Vulnerability in ChatBot for WordPress
CVE-2023-5606

4.8MEDIUM

Key Information:

Vendor: WordPress
Status: Ai Chatbot
Vendor: CVE Published:; 2 November 2023

What is CVE-2023-5606?

The ChatBot for WordPress poses a stored cross-site scripting risk, allowing authenticated users with administrator-level permissions to inject malicious scripts via the FAQ Builder. The vulnerability arises due to inadequate input sanitization and output escaping, affecting only multi-site installations and those where unfiltered_html is disabled. This flaw can lead to arbitrary scripts being executed when users access compromised pages, creating significant security implications for affected sites. It is important to address this vulnerability to ensure the integrity and security of your WordPress site.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

AI ChatBot 4.8.6 <= 4.9.6

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 2, 2023
Vulnerability Reserved
Oct 16, 2023

Credit

Huynh Tien Si

JSON

WordPress