CVE-2023-5212

Name of the Vulnerable Software and Affected Versions AI ChatBot plugin for WordPress versions up to, and including, 4.8.9 AI ChatBot plugin for WordPress version 4.9.2

Description The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which can lead to taking over affected sites as well as others sharing the same hosting account. Version 4.9.1 originally addressed the issue, but it was reintroduced in 4.9.2 and fixed again in 4.9.3.

Recommendations For versions up to, and including, 4.8.9, update to version 4.9.1 or later to resolve the issue. For version 4.9.2, update to version 4.9.3 to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories on the server to minimize the risk of exploitation.