Stored Cross-Site Scripting Vulnerability in ChatBot for WordPress
CVE-2023-5606
4.8MEDIUM
What is CVE-2023-5606?
The ChatBot for WordPress poses a stored cross-site scripting risk, allowing authenticated users with administrator-level permissions to inject malicious scripts via the FAQ Builder. The vulnerability arises due to inadequate input sanitization and output escaping, affecting only multi-site installations and those where unfiltered_html is disabled. This flaw can lead to arbitrary scripts being executed when users access compromised pages, creating significant security implications for affected sites. It is important to address this vulnerability to ensure the integrity and security of your WordPress site.
Affected Version(s)
AI ChatBot 4.8.6 <= 4.9.6