CVE-2023-5212 - OpenCVE

The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take over affected sites as well as others sharing the same hosting account. Version 4.9.1 originally addressed the issue, but it was reintroduced in 4.9.2 and fixed again in 4.9.3.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Quantumcloud	Ai Chatbot

Configuration 1 [-]

OR	cpe:2.3:a:quantumcloud:ai_chatbot::::::wordpress::*
	cpe:2.3:a:quantumcloud:ai_chatbot:4.9.2:::::wordpress::

References

Link	Resource
http://packetstormsecurity.com/files/175371/WordPress-AI-ChatBot-4.8.9-SQL-Injection-Traversal-File-Deletion.html	Third Party Advisory VDB Entry
https://plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php?rev=2957286#L576	Product
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/5b3f4ccb-fcc6-42ec-8e9e-03d69ae7acf2?source=cve	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-10-19T05:34:11.570Z

Updated: 2023-10-23T13:01:38.076Z

Reserved: 2023-09-26T21:05:50.529Z

Link: CVE-2023-5212

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-19T06:15:11.377

Modified: 2023-12-22T19:03:10.293

Link: CVE-2023-5212

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-5212", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2023-09-26T21:05:50.529Z", "datePublished": "2023-10-19T05:34:11.570Z", "dateUpdated": "2023-10-23T13:01:38.076Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-10-23T13:01:38.076Z"}, "affected": [{"vendor": "quantumcloud", "product": "AI ChatBot", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "4.8.9", "versionType": "semver"}, {"version": "4.9.2", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take over affected sites as well as others sharing the same hosting account. Version 4.9.1 originally addressed the issue, but it was reintroduced in 4.9.2 and fixed again in 4.9.3."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5b3f4ccb-fcc6-42ec-8e9e-03d69ae7acf2?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php?rev=2957286#L576"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail="}, {"url": "http://packetstormsecurity.com/files/175371/WordPress-AI-ChatBot-4.8.9-SQL-Injection-Traversal-File-Deletion.html"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", "baseScore": 9.6, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Marco Wotschka"}, {"lang": "en", "type": "finder", "value": "Chloe Chamberland"}], "timeline": [{"time": "2023-09-26T00:00:00.000+00:00", "lang": "en", "value": "Discovered"}, {"time": "2023-10-11T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:quantumcloud:ai_chatbot:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4CA9F786-40A5-43EF-ABE6-145C83223484", "versionEndExcluding": "4.9.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:quantumcloud:ai_chatbot:4.9.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "C54E19C0-77EE-4C3A-9DCD-4740E77D6D89", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take over affected sites as well as others sharing the same hosting account. Version 4.9.1 originally addressed the issue, but it was reintroduced in 4.9.2 and fixed again in 4.9.3."}, {"lang": "es", "value": "El complemento AI ChatBot para WordPress es vulnerable a la eliminaci\u00f3n arbitraria de archivos en versiones hasta la 4.8.9 incluida, as\u00ed como en la versi\u00f3n 4.9.2. Esto hace posible que atacantes autenticados con privilegios de suscriptor eliminen archivos arbitrarios en el servidor, lo que hace posible hacerse cargo de los sitios afectados, as\u00ed como de otros que comparten la misma cuenta de alojamiento. La versi\u00f3n 4.9.1 solucion\u00f3 originalmente el problema, pero se reintrodujo en 4.9.2 y se solucion\u00f3 nuevamente en 4.9.3."}], "id": "CVE-2023-5212", "lastModified": "2023-12-22T19:03:10.293", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 5.8, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2023-10-19T06:15:11.377", "references": [{"source": "security@wordfence.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/175371/WordPress-AI-ChatBot-4.8.9-SQL-Injection-Traversal-File-Deletion.html"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php?rev=2957286#L576"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5b3f4ccb-fcc6-42ec-8e9e-03d69ae7acf2?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}