Arbitrary File Upload Vulnerability in Kognetiks Chatbot for WordPress Plugin
CVE-2024-4560

9.8CRITICAL

Key Information:

Vendor: Kognetiks
Status: Kognetiks Chatbot For WordPress
Vendor: CVE Published:; 14 May 2024

Summary

The Kognetiks Chatbot for WordPress plugin is exposed to a vulnerability allowing arbitrary file uploads due to inadequate file type validation in its upload function. This security lapse affects all versions prior to 1.9.9, enabling unauthenticated attackers to exploit the flaw and upload malicious files to the server. Such an upload may pave the way for remote code execution, potentially compromising the integrity and security of the affected WordPress site.

Affected Version(s)

Kognetiks Chatbot for WordPress * <= 1.9.9

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/chatbot-chatgp...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
May 6, 2024

Collectors

NVD DatabaseMitre Database

Credit

Francesco Carlucci