CVE-2024-6722: 
WordPress vulnerability analysis and mitigation

The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through version 1.0.2 contains a stored Cross-Site Scripting (XSS) vulnerability. This security issue affects high-privilege users such as administrators, allowing them to perform Stored XSS attacks even when the unfiltered_html capability is disallowed, such as in multisite setups (WPScan, NVD).

The vulnerability stems from insufficient sanitization and escaping of plugin settings. It has been assigned a CVSS v3.1 base score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation (NVD).

When exploited, this vulnerability allows high-privilege users to inject and store malicious scripts that will be executed when other users access the affected pages. The impact is considered moderate due to the requirement of high privileges to exploit the vulnerability (WPScan).

Currently, there is no known fix available for this vulnerability. Users should consider implementing additional security measures or evaluating alternative chatbot solutions until a patch is released (WPScan).