ChatGPT WordPress plugin – Cross-Site Scripting vulnerability [CVE-2024-6843]
CVE number = CVE-2024-6843
The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not sanitise and escape user inputs, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins.
The plugin must have an active OpenAI API key to exploit this.
Further details – https://wpscan.com/vulnerability/9a5cb440-065a-445a-9a09-55bd5f782e85/

Kerry is a Content Creator at www.systemtek.co.uk she has spent many years working in IT support, her main interests are computing, networking and AI.
