Security Advisory

CVE-2023-1660

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-05-08 13:58:05

Last updated 2025-05-05 16:06:29

Assigner WPScan

State PUBLISHED

Description

The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard

← Browse all CVEs View on cve.org ↗