CVE-2024-6669: 
WordPress vulnerability analysis and mitigation

The AI ChatBot for WordPress – WPBot plugin is affected by a Stored Cross-Site Scripting vulnerability (CVE-2024-6669) in versions up to and including 5.5.7. The vulnerability was discovered and disclosed on July 17, 2024, affecting WordPress installations where the plugin is installed (NVD).

The vulnerability stems from insufficient input sanitization and output escaping in the admin settings of the plugin. This security flaw only impacts multi-site installations and installations where unfiltered_html has been disabled. The vulnerability has been assigned a CVSS v3.1 Base Score of 4.8 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, while Wordfence assessed it with a slightly higher score of 5.5 (MEDIUM) (NVD).

When exploited, this vulnerability allows authenticated attackers with administrator-level permissions to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an affected page, potentially compromising the security of site visitors (NVD).

The vulnerability has been patched in version 5.5.8 of the AI ChatBot for WordPress – WPBot plugin. Users are advised to update to this version or later to protect against this security issue (WordPress Plugin).