cleantalk
Vulnerabilities and Security Researches

Kognetiks Chatbot for WordPress, CVE-2024-11143

CVE, Research URL

CVE-2024-11143

Home page URL

Security reports for Kognetiks Chatbot for WordPress

Application

Kognetiks Chatbot for WordPress

Published on
Nov 13, 2024
Research Description
The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.8. This is due to missing or incorrect nonce validation on the update_assistant, add_new_assistant, and delete_assistant functions. This makes it possible for unauthenticated attackers to modify assistants via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 2.1.9.
Status
vulnerable
Previous vulnerability researches
Kognetiks Chatbot for WordPress (CVE-2024-35738) , Jun 10, 2024
Kognetiks Chatbot for WordPress (CVE-2024-4560) , Jun 07, 2024
Kognetiks Chatbot for WordPress (CVE-2024-10530) , Nov 14, 2024
Kognetiks Chatbot for WordPress (CVE-2024-32700) , Jun 07, 2024
Kognetiks Chatbot for WordPress (CVE-2024-10531) , Nov 14, 2024
New vulnerability
VikRentCar Car Rental Management System (CVE-2025-5322) , Jul 04, 2025
GoZen Forms (CVE-2025-6783) , Jul 04, 2025
GoZen Forms (CVE-2025-6782) , Jul 04, 2025
CSV Importer Improved (CVE-2025-50013) , Jul 04, 2025
WooCommerce PDF Invoice Builder, Create invoices, packing slips and more (CVE-2025-53203) , Jul 04, 2025