CVE-2023-1660

Published: May 8, 2023Modified: May 12, 2025

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard

Affected (1)

Products: Quantumcloud: Wpbot

Quantumcloud

1 product

Wpbot

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Quantumcloud Wpbot	Before 4.4.9

References (2)

https://wpscan.com/vulnerability/1a5cbcfc-fa55-433a-a76b-3881b6c4bea2

Source: contact@wpscan.com

Exploit

https://wpscan.com/vulnerability/1a5cbcfc-fa55-433a-a76b-3881b6c4bea2

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.