WordPress · Ai Chatbot · CVE-2023-4253
**Name of the Vulnerable Software and Affected Versions**
AI ChatBot WordPress plugin versions prior to 4.7.8
**Description**
The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in multisite setups. This is due to the plugin not sanitizing and escaping some of its settings.
**Recommendations**
For versions prior to 4.7.8, update to version 4.7.8 or later to resolve the issue. As a temporary workaround, consider restricting the `unfiltered html` capability to minimize the risk of exploitation.