CVE-2023-1650

CRITICAL

AI ChatBot WP <4.4.7 - Code Injection

Title source: llm

Description

The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog.

Scores

CVSS v3 9.8
EPSS 0.4881
EPSS Percentile 97.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-502
Status published

Affected Products (1)

quantumcloud/wpbot < 4.4.7

Timeline

Published May 08, 2023
Tracked Since Feb 18, 2026