CVE-2023-1011 Information

Description

The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard and does not have a proper CSRF check allowing attackers to make a logged in admin set XSS payloads in them.

Reference

https://wpscan.com/vulnerability/d1784446-b3da-4175-9dac-20b030f19984