CVE-2025-12078

Name of the Vulnerable Software and Affected Versions ArtiBot Free Chat Bot for WebSites plugin for WordPress versions through 1.1.7

Description The software is susceptible to Reflected Cross-Site Scripting via PostMessage due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages. Successful exploitation requires tricking a user into performing an action, such as clicking a link.

Recommendations Update to a version later than 1.1.7.