WordPress Plugin Vulnerabilities

AI ChatBot < 4.6.1 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Proof of Concept

1. Visit WPBot Lite > Settings > Language Center.
2. Within any of the tabs ("General", "FAQ", or "ChatBot Keywords"), input the following string into one of the "multi" fields (with a red X button beside it).

POC: "onfocus=javascript:alert(document.domain) autofocus

3. Click "Save Settings"
4. Go back to the field which was updated with the above (you should now only see the text "POC" in the field) and click on it, giving the field focus. See the XSS alert.

Affects Plugins

Plugin icon
chatbot
Fixed in 4.6.1

References

CVE
CVE-2023-3175

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
NGO VAN TU
Submitter
NGO VAN TU
Verified
Yes
WPVDB ID
7643980b-eaa2-45d1-bd9d-9afae0943f43

Timeline

Publicly Published
2023-06-19 (about 5 months ago)
Added
2023-06-19 (about 5 months ago)
Last Updated
2023-06-19 (about 5 months ago)

Other

Published
Title
Published
2023-11-29
Title
WP Pocket URLs <= 1.0.2 - Reflected Cross-Site Scripting
Published
2023-11-07
Title
Live Gold Price & Silver Price Charts Widgets <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
Published
2022-05-25
Title
Promotion Slider <= 3.3.4 - Contributor+ Stored Cross-Site Scripting
Published
2021-02-10
Title
All In One WP Security & Firewall < 4.4.6 - Authenticated Cross-Site Scripting (XSS)
Published
2015-05-20
Title
uDesign Theme 1.8.0-2.7.9 - DOM Cross-Site Scripting (XSS)