{"data":{"id":"a2a2efeb-0b54-40b9-87a8-e4da29c9e005","title":"CVE-2024-6843: The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not sanitise and escape user inputs, which could allow unaut","summary":"The Chatbot with ChatGPT WordPress plugin before version 2.4.5 has a vulnerability where it does not properly clean and escape user inputs, allowing attackers to perform Stored Cross-Site Scripting attacks (XSS, a type of attack where malicious code gets saved and runs when admins view it) without needing to be logged in.","solution":"Update the Chatbot with ChatGPT WordPress plugin to version 2.4.5 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-6843","publishedAt":"2024-08-19T10:15:06.043Z","cveId":"CVE-2024-6843","cweIds":["CWE-79"],"cvssScore":"6.1","cvssSeverity":"medium","severity":"medium","attackType":["jailbreak"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["ChatGPT","WordPress"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.01801,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-198","CAPEC-86"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.72,"researchCategory":null,"atlasIds":null}}