Stored Cross-Site Scripting Vulnerability in ChatBot for WordPress
CVE-2023-5606
4.8MEDIUM
Summary
The ChatBot for WordPress poses a stored cross-site scripting risk, allowing authenticated users with administrator-level permissions to inject malicious scripts via the FAQ Builder. The vulnerability arises due to inadequate input sanitization and output escaping, affecting only multi-site installations and those where unfiltered_html is disabled. This flaw can lead to arbitrary scripts being executed when users access compromised pages, creating significant security implications for affected sites. It is important to address this vulnerability to ensure the integrity and security of your WordPress site.
Affected Version(s)
AI ChatBot 4.8.6 <= 4.9.6
References
CVSS V3.1
Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Huynh Tien Si