The AI ChatBot WordPress plugin prior to 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
quantumcloud ai chatbot |