ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Chatbot with IBM Watson plugin <= 0.8.20 - DOM Cross-Site Scripting (XSS) vulnerability

Product
Chatbot with IBM Watson
Description
DOM Cross-Site Scripting (XSS) vulnerability found by Hooper Labs in WordPress Chatbot with IBM Watson plugin (versions <= 0.8.20).
Solution
Update the WordPress Chatbot with IBM Watson plugin to the latest available version (at least 0.8.21).
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE-2020-7239
Versions
Affected In <= 0.8.20
Fixed In 0.8.21
Disclosure date
2020-01-21
Credits
Hooper Labs
Submitter
ThreatPress