CVE-2023-6985 Information

Description

The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin AJAX action in all versions up to and including 1.0.18. This makes it possible for authenticated attackers with subscriber-level access and above to install arbitrary plugins that can be used to gain further access to a compromised site.

Reference

https://www.wordfence.com/threat-intel/vulnerabilities/id/229245a5-468d-47b9-8f26-d23d593e91da?source=cve https://plugins.trac.wordpress.org/changeset/3027004/ai-assistant-by-10web/trunk/ai-assistant-by-10web.php