CVE-2024-6722: The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and e
Summary
A WordPress plugin called Chatbot Support AI (versions up to 1.0.2) has a security flaw where it fails to properly clean and filter certain settings, allowing admin users to inject malicious code through stored cross-site scripting (XSS, a type of attack where harmful scripts are saved and executed when users view a page). This vulnerability is particularly dangerous because it works even in multisite setups where HTML code is normally restricted.
Vulnerability Details
4.8(medium)
EPSS: 0.2%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-6722
First tracked: February 15, 2026 at 08:50 PM
Classified by LLM (prompt v3) · confidence: 72%