Vulnerability CVE-2023-1660
Published: 2023-05-08

Description:
The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard

Type:

CWE-352

 (Cross-Site Request Forgery (CSRF))

 References:
https://wpscan.com/vulnerability/1a5cbcfc-fa55-433a-a76b-3881b6c4bea2
Copyright 2026, cxsecurity.com

 

Back to Top