PT-2023-32160 · WordPress · Ai Chatbot

Marco Wotschka · Published 2023-10-20 · Updated 2023-10-30 · CVE-2023-5534

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

AI ChatBot plugin for WordPress versions up to, and including, 4.8.9
AI ChatBot plugin for WordPress version 4.9.2

Description

The plugin is vulnerable to Cross-Site Request Forgery (CSRF) because nonce validation is missing or incorrect on certain functions. This allows unauthenticated attackers to invoke those functions via a forged request if they can trick a site administrator into performing an action, such as clicking on a link.

Recommendations

For AI ChatBot plugin for WordPress versions up to, and including, 4.8.9, update to a version that includes the necessary nonce validation to prevent Cross-Site Request Forgery attacks.

For AI ChatBot plugin for WordPress version 4.9.2, update to a version that includes the necessary nonce validation to prevent Cross-Site Request Forgery attacks.

As a temporary workaround, consider restricting access to the functions that are vulnerable to Cross-Site Request Forgery until a patch is available.
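
What "the necessary nonce validation" looks like in a WordPress admin AJAX handler, shown next to the unprotected form. This is an added example, not the AI ChatBot plugin's code: the `demo_bot_*` function, action, option and script names are hypothetical.

```php
<?php
// Hypothetical plugin code (all demo_bot_* names are assumptions, not taken from AI ChatBot).

// BEFORE: state-changing admin handler with no nonce check.
// An administrator's browser attaches the session cookie to any request sent
// to admin-ajax.php, so a forged cross-site request reaches this code.
add_action( 'wp_ajax_demo_bot_save_vulnerable', 'demo_bot_save_vulnerable' );
function demo_bot_save_vulnerable() {
    update_option( 'demo_bot_greeting', sanitize_text_field( wp_unslash( $_POST['greeting'] ?? '' ) ) );
    wp_send_json_success();
}

// AFTER: capability check plus nonce validation before any state change.
add_action( 'wp_ajax_demo_bot_save', 'demo_bot_save' );
function demo_bot_save() {
    // Authorization: a nonce is not an access control by itself.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }
    // CSRF: the request must carry a nonce minted for this action and user.
    // Passing false as the third argument makes the function return false
    // instead of exiting, so the handler can answer with a JSON error.
    if ( ! check_ajax_referer( 'demo_bot_save', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }
    $greeting = sanitize_text_field( wp_unslash( $_POST['greeting'] ?? '' ) );
    update_option( 'demo_bot_greeting', $greeting );
    wp_send_json_success();
}

// The settings page hands the nonce to the admin's own JavaScript, which
// sends it back in the "nonce" field of the POST request.
add_action( 'admin_enqueue_scripts', 'demo_bot_admin_assets' );
function demo_bot_admin_assets() {
    wp_enqueue_script( 'demo-bot-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'demo-bot-admin', 'demoBot', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'demo_bot_save' ),
    ) );
}
```

When reviewing a plugin update, the same pattern applies to `admin_post_*` handlers and settings forms, where `check_admin_referer()` with `wp_nonce_field()` plays the role of `check_ajax_referer()`.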

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2023-5534

Affected Products: Ai Chatbot