mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
917 B
917 B
CVE-2023-1011
&color=brighgreen)
&color=brighgreen)
Description
The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them.
POC
Reference
Github
No PoCs found on GitHub currently.