{"data":{"id":"2bbd3b02-d463-425c-a841-4efaf6fe085f","title":"CVE-2024-6722: The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and e","summary":"A WordPress plugin called Chatbot Support AI (versions up to 1.0.2) has a security flaw where it fails to properly clean and filter certain settings, allowing admin users to inject malicious code through stored cross-site scripting (XSS, a type of attack where harmful scripts are saved and executed when users view a page). This vulnerability is particularly dangerous because it works even in multisite setups, where site admins are normally not allowed to save unfiltered HTML (WordPress withholds the unfiltered_html capability from them).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-6722","publishedAt":"2024-09-04T10:15:17.327Z","cveId":"CVE-2024-6722","cweIds":["CWE-79"],"cvssScore":"4.8","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["ChatGPT"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00179,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-198","CAPEC-86"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.72,"researchCategory":null,"atlasIds":null}}