The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ai_chatbot | Quantumcloud | * | 4.5.6 (excluding) |