CVE-2024-6843

Name of the Vulnerable Software and Affected Versions The Chatbot with ChatGPT WordPress plugin versions prior to 2.4.5

Description The issue concerns the lack of sanitization and escaping of user inputs, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins. This could potentially impact a significant number of devices worldwide, although the exact number is not specified. The attacks could be performed by exploiting the unsanitized user inputs.

Recommendations For versions prior to 2.4.5, update to version 2.4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved.