CVE-2023-1011

Name of the Vulnerable Software and Affected Versions AI ChatBot WordPress plugin versions prior to 4.4.5

Description The issue concerns the AI ChatBot WordPress plugin, which does not properly escape most of its settings before outputting them in the dashboard and lacks a proper CSRF check. This allows attackers to make a logged-in admin set XSS payloads in the settings.

Recommendations For versions prior to 4.4.5, update to version 4.4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings in the dashboard to minimize the risk of exploitation.