cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10529,https://securityvulnerability.io/vulnerability/CVE-2024-10529,Unauthorized Modification of Data Vulnerability in Chatbot for WordPress Plugin,"The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete GTP assistants.",Wordpress,Kognetiks Chatbot For WordPress,5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-11-13T02:33:21.151Z,0
CVE-2024-11143,https://securityvulnerability.io/vulnerability/CVE-2024-11143,Unauthenticated Attackers Can Modify Assistants via CSRF,"The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.8. This is due to missing or incorrect nonce validation on the update_assistant, add_new_assistant, and delete_assistant functions. This makes it possible for unauthenticated attackers to modify assistants via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,Kognetiks Chatbot For WordPress,4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-11-13T02:33:20.521Z,0
CVE-2024-10684,https://securityvulnerability.io/vulnerability/CVE-2024-10684,Unauthenticated Cross-Site Scripting vulnerability in Kognetiks Chatbot for WordPress plugin,"The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dir' parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",Wordpress,Kognetiks Chatbot For WordPress,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-11-13T02:33:19.984Z,0
CVE-2024-10531,https://securityvulnerability.io/vulnerability/CVE-2024-10531,Unauthorized Data Modification Vulnerability in Kognetiks Chatbot for WordPress Plugin,"The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to update GTP assistants.",Wordpress,Kognetiks Chatbot For WordPress,4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-11-13T02:33:19.238Z,0
CVE-2024-10530,https://securityvulnerability.io/vulnerability/CVE-2024-10530,Unauthorized Modification of Data Vulnerability in Chatbot for WordPress Plugin,"The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the add_new_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to create new GTP assistants.",Wordpress,Kognetiks Chatbot For WordPress,4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-11-13T02:33:18.433Z,0
CVE-2024-35738,https://securityvulnerability.io/vulnerability/CVE-2024-35738,Stored XSS Vulnerability in Kognetiks Chatbot for WordPress,Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kognetiks Kognetiks Chatbot for WordPress allows Stored XSS.This issue affects Kognetiks Chatbot for WordPress: from n/a through 1.9.8.,Wordpress,Kognetiks Chatbot For WordPress,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-08T12:43:27.722Z,0
CVE-2024-4560,https://securityvulnerability.io/vulnerability/CVE-2024-4560,Arbitrary File Upload Vulnerability in Kognetiks Chatbot for WordPress Plugin,"The Kognetiks Chatbot for WordPress plugin is exposed to a vulnerability allowing arbitrary file uploads due to inadequate file type validation in its upload function. This security lapse affects all versions prior to 1.9.9, enabling unauthenticated attackers to exploit the flaw and upload malicious files to the server. Such an upload may pave the way for remote code execution, potentially compromising the integrity and security of the affected WordPress site.",Wordpress,Kognetiks Chatbot For WordPress,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-14T15:44:00.000Z,0
CVE-2024-32700,https://securityvulnerability.io/vulnerability/CVE-2024-32700,Unrestricted Upload of File with Dangerous Type Vulnerability Affects Kognetiks Chatbot for WordPress,"The Kognetiks Chatbot for WordPress is susceptible to an unrestricted file upload vulnerability, allowing attackers to upload files with dangerous types. This flaw can lead to various security risks including unauthorized access and code execution on the server. Affected versions prior to 2.0.0 are particularly vulnerable, necessitating immediate actions to mitigate the risk. Website administrators are urged to assess their installations and apply necessary patches to protect against potential exploitation.",Wordpress,Kognetiks Chatbot For WordPress,10,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-14T15:36:00.000Z,0