AI ChatBot < 4.9.1 – Missing authorization in AJAX calls | CVE 2023-5533

Affects Plugins

Fixed in 4.9.1

References

CVE

CVE-2023-5533

URL

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/chatbot/ai-chatbot-489-missing-authorization-on-ajax-actions

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

CVSS

5.3 (medium)

Miscellaneous

Original Researcher

Marco Wotschka

Verified

No

WPVDB ID

8fa2ecd1-31ac-47f8-a9d4-08f30710eb75

Timeline

Publicly Published

2023-10-11 (about 2 years ago)

Added

2023-10-24 (about 2 years ago)

Last Updated

2023-10-24 (about 2 years ago)

Other

Published

Title

Published

2026-04-23

Title

AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress < 5.6.8 - Missing Authorization

Published

2024-08-16

Title

Order Tracking < 3.3.13 - Missing Authorization via send_test_email()

Published

2025-09-22

Title

DethemeKit For Elementor <= 2.1.10 - Missing Authorization

Published

2023-10-24

Title

WP EXtra < 6.3 - Subscriber+ .htaccess File Modification

Published

2025-09-26

Title

TheGem (Elementor) < 5.10.5.1 - Missing Authorization