CVSS 3.1 Score 4.4 of 10 (medium)


Published Jan 11, 2024
Updated: Jan 18, 2024


CVE-2023-5691 is a vulnerability that affects the Chatbot for WordPress plugin, specifically version 2.3.9. This vulnerability allows authenticated attackers with administrator-level permissions or higher to inject arbitrary web scripts in pages, leading to Stored Cross-Site Scripting (XSS). The injection occurs through the admin settings due to insufficient input sanitization and output escaping. It is important to note that this vulnerability only affects multi-site installations and installations where unfiltered_html has been disabled. Organizations using the affected plugin should update to a patched version as soon as possible to remediate this vulnerability and prevent potential exploitation.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-5691 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options