ChatBot < 4.9.1 – Unauthenticated Blind SQL Injection | CVE 2023-5204

Affects Plugins

chatbot

Fixed in 4.9.1

References

CVE

CVE-2023-5204

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

CVSS

9.8 (critical)

Miscellaneous

Original Researcher

Marco Wotschka

Verified

No

WPVDB ID

67e04e08-6a07-477c-a0f8-5189f87fffc0

Timeline

Publicly Published

2023-10-11 (about 2 years ago)

Added

2023-10-20 (about 2 years ago)

Last Updated

2023-10-20 (about 2 years ago)

Other

Published

Title

Published

2024-10-18

Title

Duplicate Title Validate < 1.4 - Subscriber+ SQL Injection

Published

2023-05-11

Title

Slimstat Analytics < 5.0.5 - Admin+ SQLi

Published

2023-04-13

Title

Cyr to Lat < 3.7 - Editor+ SQL Injection

Published

2025-07-16

Title

YayExtra < 1.5.6 - Authenticated (Administrator+) SQL Injection

Published

2022-04-11

Title

SiteSuperCharger < 5.2.0 - Unauthenticated SQLi