CVE-2023-2811: 
WordPress vulnerability analysis and mitigation

The AI ChatBot WordPress plugin before version 4.5.6 contains a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2023-2811. The vulnerability was discovered by NGO VAN TU and publicly disclosed on May 25, 2023. The issue affects the plugin's settings functionality, specifically impacting installations running versions prior to 4.5.6 (WPScan).

The vulnerability stems from improper sanitization and escaping of numerous settings within the plugin. The issue has been assigned a CVSS v3.1 base score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. The vulnerability specifically affects the ChatBot Keywords settings section, where user input is not properly sanitized before being stored and displayed (NVD).

When exploited, this vulnerability allows high-privilege users such as administrators to perform Stored Cross-Site Scripting attacks. The impact is two-fold: it affects all administrators when setting up the chatbot and all clients when using the chatbot functionality (WPScan).

The vulnerability has been fixed in version 4.5.6 of the AI ChatBot WordPress plugin. Users are strongly advised to update to this version or later to mitigate the security risk (WPScan).