CVE-2023-5241

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Oct 19, 2023

Updated: Dec 22, 2023

CWE ID 22

Summary

CVE-2023-5241 is a directory traversal vulnerability affecting the AI ChatBot plugin for WordPress. This issue, present in versions up to 4.8.9 and 4.9.2, allows subscriber-level attackers to manipulate the qcld_openai_upload_pagetraining_file function. By appending "<?php" to an existing file, attackers can inject malicious code, leading to potential Denial of Service (DoS) attacks, particularly when targeting critical files like wp-config.php.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Quantum Cloud

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s0Ep5X
https://www.cve.org/CVERecord?id=CVE-2023-5241
https://nvd.nist.gov/vuln/detail/CVE-2023-5241

Back to Vulnerability Database

CVE-2023-5241

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations