The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions that were intended for higher privileged users. This vulnerability is the same as CVE-2023-5533 but was reintroduced in version 4.9.2.


https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5656
The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions that were intended for higher privileged users. This vulnerability is the same as CVE-2023-5533 but was reintroduced in version 4.9.2.
2023-10-20T08:15:13Z

Source: CVEAnnouncements
Source Link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5656