The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-10-20T07:29:22.943Z

Updated: 2023-10-23T13:01:45.723Z

Reserved: 2023-10-11T19:02:27.552Z


Link: CVE-2023-5534

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2023-10-20T08:15:13.513

Modified: 2023-11-07T04:24:07.610


Link: CVE-2023-5534

JSON object: View

cve-icon Redhat Information

No data.

CWE