AVID-2026-R1320
Description
Vulnerability CVE-2023-5534
Details
The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the affected functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
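The missing-nonce pattern described above, as an added example that is not code from the AI ChatBot plugin or from quantumcloud: a hypothetical admin-ajax settings handler shown with no nonce validation, with the common "only check the nonce if it was sent" mistake that the phrase "incorrect nonce validation" usually refers to, and in a hardened form. The hook name `demo_save_settings`, the option `demo_api_key`, the `demo_` function prefix and the script handle are assumptions; the WordPress functions called (`check_ajax_referer`, `wp_verify_nonce`, `wp_nonce_field`, `wp_create_nonce`, `current_user_can`, `wp_localize_script`) are the real core APIs.

```php
<?php
/**
 * Added example, not the plugin's own code. Names prefixed 'demo_' are assumptions.
 * All three handlers take an 'api_key' POST field and store it with update_option().
 */

// --- 1. Missing nonce validation (the pattern CVE-2023-5534 describes) ---
// Any request that carries a logged-in administrator's cookies reaches
// update_option(), including a form on an attacker-controlled page that is
// auto-submitted to https://victim.example/wp-admin/admin-ajax.php with
// action=demo_save_settings. The admin only has to load the attacker's page.
add_action( 'wp_ajax_demo_save_settings', 'demo_save_settings_missing_nonce' );
function demo_save_settings_missing_nonce() {
    $api_key = sanitize_text_field( wp_unslash( $_POST['api_key'] ?? '' ) );
    update_option( 'demo_api_key', $api_key );
    wp_send_json_success();
}

// --- 2. Incorrect nonce validation: verified only when the field is present ---
// A forged request simply omits the 'nonce' field, so wp_verify_nonce() is
// never called and the handler behaves exactly like variant 1.
function demo_save_settings_incorrect_nonce() {
    if ( isset( $_POST['nonce'] ) && ! wp_verify_nonce( $_POST['nonce'], 'demo_save_settings' ) ) {
        wp_send_json_error( 'bad nonce', 403 );
    }
    $api_key = sanitize_text_field( wp_unslash( $_POST['api_key'] ?? '' ) );
    update_option( 'demo_api_key', $api_key );
    wp_send_json_success();
}

// --- 3. Hardened: unconditional nonce check plus a capability check ---
function demo_save_settings_hardened() {
    // check_ajax_referer() reads $_REQUEST['nonce'], verifies it against the
    // action 'demo_save_settings' for the current user, and terminates the
    // request with HTTP 403 if it is absent, expired or wrong. A page on
    // another origin cannot read the nonce, so it cannot forge the request.
    check_ajax_referer( 'demo_save_settings', 'nonce' );

    // A nonce proves the request came from this site's UI for this user; it is
    // not authorization. Enforce the capability separately so a low-privileged
    // logged-in user cannot call the handler through the legitimate UI.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    $api_key = sanitize_text_field( wp_unslash( $_POST['api_key'] ?? '' ) );
    update_option( 'demo_api_key', $api_key );
    wp_send_json_success();
}

// --- Issuing the nonce to legitimate callers ---
// Classic settings form: wp_nonce_field() emits the hidden 'nonce' input that
// check_ajax_referer() in the hardened handler expects.
function demo_render_settings_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-ajax.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="demo_save_settings">';
    wp_nonce_field( 'demo_save_settings', 'nonce' );
    echo '<input type="text" name="api_key"><button type="submit">Save</button></form>';
}

// JavaScript caller: hand the nonce to the admin script at enqueue time; the
// script sends it as the 'nonce' POST field next to 'action' and 'api_key'.
add_action( 'admin_enqueue_scripts', function () {
    wp_enqueue_script( 'demo-admin', plugins_url( 'admin.js', __FILE__ ), array(), '1.0', true );
    wp_localize_script( 'demo-admin', 'demoAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'demo_save_settings' ),
    ) );
} );
```

When auditing a plugin for this class of bug, grep every `wp_ajax_*`, `admin_post_*` and `admin_init` callback for a `check_ajax_referer`, `check_admin_referer` or `wp_verify_nonce` call that runs unconditionally before any state change, and confirm the return value of `wp_verify_nonce` is actually acted on. The CVSS vector on this page (PR:N, UI:R) reflects the same split the hardened handler enforces: the attacker needs no account, but the administrator must be lured into making the request.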
Reason for inclusion in AVID: CVE-2023-5534 describes a CSRF vulnerability in the AI ChatBot WordPress plugin (versions up to and including 4.8.9 and 4.9.2) caused by missing or incorrect nonce validation. The plugin provides the AI chatbot component of a WordPress site, so it is a software element used in AI deployments. This is a software vulnerability in a component used to build or run AI systems (AI tooling/stack), not a hardware issue. The report carries CVE references and external sources, giving clear evidence of the vulnerability.
References
- NVD entry
- https://www.wordfence.com/threat-intel/vulnerabilities/id/846bd929-45cd-4e91-b232-ae16dd2b12a0?source=cve
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=
Affected or Relevant Artifacts
- Developer: quantumcloud
- Deployer: quantumcloud
- Artifact Details:
| Type | Name |
|---|---|
| System | AI ChatBot |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
|---|---|
| Vector String | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
| Base Score | 4.3 |
| Base Severity | 🟠 Medium |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2023-10-20
- Version: 0.3.3
- AVID Entry