CVE-2023-1660 Information

Description

The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init allowing unauthenticated users to update some settings leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard

Reference

https://wpscan.com/vulnerability/1a5cbcfc-fa55-433a-a76b-3881b6c4bea2