cleantalk
Vulnerabilities and Security Researches

Collect.chat – Chatbot ⚡️, CVE-2023-5691

CVE, Research URL

CVE-2023-5691

Home page URL

Security reports for Collect.chat – Chatbot ⚡️

Application

Collect.chat – Chatbot ⚡️

Published on
Jan 11, 2024
Research Description
The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
max 2.4.0.
Status
vulnerable
Previous vulnerability researches
Collect.chat – Chatbot ⚡️ (CVE-2026-0736) , Apr 15, 2026
Collect.chat – Chatbot ⚡️ (CVE-2024-30436) , Jun 07, 2024
Collect.chat – Chatbot ⚡️ (CVE-2023-5691) , Jun 07, 2024
Collect.chat – Chatbot ⚡️ (CVE-2024-6498) , Aug 07, 2024
New vulnerability
xmlrpc attacks blocker (CVE-2026-2502) , Apr 16, 2026
Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud! (CVE-2026-0831) , Apr 16, 2026
iRobots.txt SEO (CVE-2025-68840) , Apr 16, 2026
Tune Library (CVE-2026-1401) , Apr 16, 2026
Taskbuilder – WordPress Project & Task Management plugin (CVE-2026-2289) , Apr 16, 2026