Description
WordPress Plugin AI ChatBot is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin AI ChatBot versions up to, and including, 4.8.9 and version 4.9.2 are vulnerable.
Remediation
Update to plugin versions 4.9.1, 4.9.3 or latest
References
Related Vulnerabilities
Oracle HTTP Server Other Vulnerability (CVE-2012-2751)
WordPress Plugin Apptivo eCommerce Multiple Cross-Site Scripting Vulnerabilities (1.1.5)
Python Integer Overflow or Wraparound Vulnerability (CVE-2008-1679)
IBM WebSEAL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1805)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-35150)