WordPress Plugin Vulnerabilities

Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

1. Navigate to "WPBot Lite -> Setting -> FAQ Builder"
2. Enter XSS Payload of `<script>alert(1)</script>` to FAQ query and FAQ answer.
3. Save Settings
4. Visit any blog page without login or authentication and use AI ChatBot's "bot chat" feature then typing FAQ will trigger payload.

Affects Plugins

Plugin icon
chatbot
Fixed in 4.7.8

References

CVE
CVE-2023-4253

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Nguyen Hoang Nam
Submitter
Nguyen Hoang Nam
Verified
Yes
WPVDB ID
1cbbab9e-be3d-4081-bc0e-c52d500d9871

Timeline

Publicly Published
2023-08-08 (about 3 months ago)
Added
2023-08-08 (about 3 months ago)
Last Updated
2023-08-08 (about 3 months ago)

Other

Published
Title
Published
2015-01-06
Title
WP SlimStat <= 3.9.1 - Cross-Site Scripting (XSS)
Published
2012-08-08
Title
Mini Mail Dashboard Widget 1.42 - Message Body XSS
Published
2022-05-09
Title
Form Maker By 10Web < 1.14.12 - Admin+ Stored Cross-Site Scripting
Published
2023-03-08
Title
W4 Post List < 2.4.5 - Contributor+ Stored XSS
Published
2023-02-23
Title
CPT - Speakers <= 1.1 - Admin+ Stored XSS