Medium severity6.1NVD Advisory· Published May 8, 2023· Updated Jun 17, 2026
CVE-2023-1011
CVE-2023-1011
Description
The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <4.4.5
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/d1784446-b3da-4175-9dac-20b030f19984nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.