Vulnerability Details : CVE-2023-5656
The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions that were intended for higher-privileged users. This vulnerability is the same as CVE-2023-5533 but was reintroduced in version 4.9.2.
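The pattern behind this class of bug, shown as an added example that is not the AI ChatBot plugin's own code: a hypothetical AJAX action (`example_save_settings`, an assumed name) registered on both the authenticated and unauthenticated hooks with no authorization check, beside the hardened form that verifies a nonce and the caller's capability before changing state.

```php
<?php
// Added illustration, not the AI ChatBot plugin's code. The action name
// "example_save_settings" is hypothetical; the real action names are not on this page.

// VULNERABLE PATTERN: the handler is reachable by logged-in and anonymous callers
// (wp_ajax_nopriv_) and never checks who is calling or whether they may do this.
add_action( 'wp_ajax_example_save_settings', 'example_save_settings_unchecked' );
add_action( 'wp_ajax_nopriv_example_save_settings', 'example_save_settings_unchecked' );

function example_save_settings_unchecked() {
    // Any request to admin-ajax.php with action=example_save_settings lands here,
    // so an unauthenticated visitor can rewrite a setting meant for administrators.
    update_option( 'example_plugin_settings', wp_unslash( $_POST['settings'] ?? '' ) );
    wp_send_json_success();
}

// HARDENED PATTERN: authenticated hook only, a nonce tied to this action,
// and an explicit capability check before any state change.
add_action( 'wp_ajax_example_save_settings', 'example_save_settings_checked' );

function example_save_settings_checked() {
    // CSRF protection: reject requests without a valid nonce for this action
    // (check_ajax_referer() terminates the request on failure).
    check_ajax_referer( 'example_save_settings', 'nonce' );

    // Authorization: only users who may manage options can change settings.
    // This is the check whose absence is the subject of CVE-2023-5656; it must
    // be present on every privileged handler and stay there across releases.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    $settings = isset( $_POST['settings'] )
        ? sanitize_text_field( wp_unslash( $_POST['settings'] ) )
        : '';
    update_option( 'example_plugin_settings', $settings );
    wp_send_json_success();
}

// The nonce is issued only to users who already see the admin screen, e.g.:
// wp_localize_script( 'example-admin', 'exampleAjax', array(
//     'nonce' => wp_create_nonce( 'example_save_settings' ),
// ) );
```

A nonce alone is not authorization: any logged-in user can obtain one for a page they can view, so the capability check is what actually enforces the intended privilege level.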
Products affected by CVE-2023-5656
We don't have affected product information for this CVE yet
Exploit prediction scoring system (EPSS) score for CVE-2023-5656
EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~8% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2023-5656
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 | Wordfence | |
CWE ids for CVE-2023-5656
- The product does not perform an authorization check when an actor attempts to access a resource or perform an action. (Assigned by: security@wordfence.com, Secondary)
References for CVE-2023-5656
- https://www.wordfence.com/threat-intel/vulnerabilities/id/9f77257a-0795-47d7-b4d4-7ce4b2a65d25?source=cve (AI ChatBot 4.9.2 - Missing Authorization on AJAX actions)
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2981113%40chatbot%2Ftrunk&old=2980494%40chatbot%2Ftrunk&sfp_email=&sfph_mail=#file5 (Diff [2980494:2981113] for chatbot/trunk – WordPress Plugin Repository)
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=