Sensitive Information Exposure in ChatBot Plugin for WordPress

Sensitive Information Exposure in ChatBot Plugin for WordPress

CVE-2023-5254 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user function. This can allow unauthenticated attackers to extract sensitive data including confirmation as to whether a user name exists on the site as well as order information for existing users.

Learn more about our Wordpress Pen Testing.