WordPress Plugin Vulnerabilities

ChatBot < 4.5.1 - Admin+ Stored XSS

Description

The plugin does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

Put the following payload in the Your Company or Website Name settings of the plugin and save: " style=animation-name:rotation onanimationstart=alert(/XSS/)//

All settings are affected

Affects Plugins

Plugin icon
chatbot
Fixed in 4.5.1

References

CVE
CVE-2023-1649

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Erwan LR (WPScan)
Verified
Yes
WPVDB ID
ea806115-14ab-4bc4-a272-2141cb14454a

Timeline

Publicly Published
2023-04-12 (about 1 years ago)
Added
2023-04-12 (about 1 years ago)
Last Updated
2023-04-12 (about 1 years ago)

Other

Published
Title
Published
2021-10-25
Title
Falang multilanguage for WordPress < 1.3.18 - Reflected Cross-Site Scripting
Published
2024-04-16
Title
HT Mega < 2.5.0 - Contributor+ Stored XSS via Image Grid Widget
Published
2021-10-25
Title
Popup Anything < 2.0.4 - Contributor+ Stored Cross-Site Scripting
Published
2023-09-01
Title
Smarty for WordPress <= 3.1.35 - Admin+ Stored XSS
Published
2024-01-18
Title
GeneratePress Premium < 2.4.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Custom Meta