CVE-2023-1651

Name of the Vulnerable Software and Affected Versions AI ChatBot WordPress plugin versions prior to 4.4.9

Description The issue concerns a lack of authorization and CSRF protection in the AJAX action for updating OpenAI settings. This allows any authenticated user, such as a subscriber, to modify these settings. Additionally, the lack of proper escaping of settings can lead to Stored XSS.

Recommendations For versions prior to 4.4.9, update to version 4.4.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action responsible for updating OpenAI settings to prevent unauthorized changes.