CVE-2026-57362
Deferred Deferred - Pending Action

Unauthenticated XSS in ChatBot <= 8.3.2

Vulnerability report for CVE-2026-57362, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: Patchstack

Description

Unauthenticated Cross Site Scripting (XSS) in ChatBot <= 8.3.2 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-02
Last Modified
2026-07-02
Generated
2026-07-02
AI Q&A
2026-07-02
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
patchstack chatbot to 8.3.2 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The WordPress ChatBot Plugin, versions 8.3.2 and earlier, is vulnerable to an unauthenticated Cross Site Scripting (XSS) attack. This means that an attacker can inject malicious scripts into the website without needing to be logged in or authenticated.

Exploitation requires user interaction, such as clicking a malicious link or visiting a specially crafted page. Once exploited, the attacker can execute malicious scripts like redirects or advertisements on the affected website.

This vulnerability is classified as medium priority with a CVSS score of 7.1, indicating moderate danger and potential for widespread exploitation.

Impact Analysis

This vulnerability can impact you by allowing attackers to inject malicious scripts into your website, which can lead to unauthorized redirects, display of unwanted advertisements, or other malicious activities.

Because the attack requires user interaction, visitors to your website could be tricked into executing these malicious scripts, potentially compromising their security and trust in your site.

The vulnerability can be exploited on a large scale, targeting thousands of websites, which increases the risk of widespread damage.

Detection Guidance

The vulnerability is a reflected Cross Site Scripting (XSS) in the WordPress ChatBot Plugin versions 8.3.2 and earlier. Detection typically involves monitoring for suspicious HTTP requests that include malicious script payloads targeting the ChatBot plugin endpoints.

While specific commands are not provided, common detection methods include using web application firewall (WAF) logs or intrusion detection systems (IDS) to identify requests containing typical XSS attack patterns such as script tags or encoded payloads in URL parameters.

Patchstack has provided a mitigation rule to block attacks until the update is applied, which may also assist in detection by logging blocked attempts.

Mitigation Strategies

The immediate recommended step is to update the WordPress ChatBot Plugin to version 8.3.3 or later, where the vulnerability is patched.

Until the update can be applied, users are advised to implement the mitigation rule provided by Patchstack to block attack attempts targeting this vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57362. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart