PT-2023-21568 · WordPress · Ai Chatbot

Published: 2023-06-19 · Updated: 2024-12-11 · CVE-2023-2811

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

AI ChatBot WordPress plugin versions prior to 4.5.6

Description

The issue concerns the AI ChatBot WordPress plugin, which does not properly sanitise and escape numerous settings. This could allow high-privilege users, such as administrators, to perform Stored Cross-Site Scripting attacks. These attacks could affect all administrators when setting up the chatbot and all clients when using the chatbot.

Recommendations

For versions prior to 4.5.6, update to version 4.5.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the chatbot settings to minimize the risk of exploitation. Avoid using the vulnerable settings in the affected plugin until the issue is resolved.

Exploit

Fix

Related Identifiers

CVE-2023-2811

Affected Products

Ai Chatbot