ArtiBot Free Chat Bot for WordPress WebSites <= 1.1.6 – Missing Authorization to Settings Update | CVE 2024-0447 | Plugin Vulnerabilities

Description

The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibot_update function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to update plugin settings.

Affects Plugins

No known fix

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/848f36de-c62a-45ee-b259-46dab73e4439

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Francesco Carlucci

Verified

No

WPVDB ID

fd48eb27-f81e-464b-ae1a-dde56776e5e0

Timeline

Publicly Published

2024-02-26 (about 2 years ago)

Added

2024-02-26 (about 2 years ago)

Last Updated

2024-02-26 (about 2 years ago)

Other

Published

Title

Published

2024-08-07

Title

Advanced Cron Manager – debug & control < 2.5.10 - Missing Authorization

Published

2024-03-21

Title

WP Compress – Image Optimizer < 6.11.11 - Missing Authorization to Unauthenticated CDN Modification

Published

2026-03-23

Title

Salon Booking System Pro < 10.30.12 - Missing Authorization

Published

2026-03-20

Title

New User Approve < 3.2.4 - Missing Authorization

Published

2025-04-01

Title

Job Board Manager <= 2.1.60 - Missing Authorization