CVE-2024-5993

Name of the Vulnerable Software and Affected Versions: The Cliengo – Chatbot plugin for WordPress versions up to, and including, 3.0.1

Description: The issue is related to a missing capability check on the update session function, allowing authenticated attackers with Subscriber-level access and above to update the session token of the chatbot. This enables unauthorized modification of data.

Recommendations: For versions up to, and including, 3.0.1, update to a version that includes a fix for the missing capability check on the update session function. As a temporary workaround, consider restricting access to the update session function to prevent unauthorized modifications until a patch is available.