Vulnerability in Quantumcloud Wpbot

CVE-2023-1651

The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the la…

EPSS: 0.002 (15.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N.

Affected products

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2023-1651?
CVE-2023-1651 is a medium-severity vulnerability in Quantumcloud Wpbot, classified under CWE-79 CROSS-SITE SCRIPTING (XSS). CVSS score: 5.4/10. Published 2023-05-08.
How severe is CVE-2023-1651?
Medium severity. CVSS v3 base score is 5.4 out of 10.
Is CVE-2023-1651 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.