Skip to main content

Elizaibots

1 CVEs product

Monthly

CVE-2025-15659 MEDIUM This Month

Stored Cross-Site Scripting in the Elizaibots WordPress chatbot plugin (versions <= 1.0.2) allows authenticated Contributor-level users to inject malicious scripts that execute in the browser context of higher-privileged users - including site administrators - when they visit affected pages. The CVSS scope-change indicator (S:C) confirms the payload escapes the contributor's privilege boundary and can compromise admin sessions, enabling privilege escalation or site takeover. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

XSS Elizaibots
NVD
CVSS 3.1
6.5
EPSS
0.1%
EPSS 0% CVSS 6.5
MEDIUM This Month

Stored Cross-Site Scripting in the Elizaibots WordPress chatbot plugin (versions <= 1.0.2) allows authenticated Contributor-level users to inject malicious scripts that execute in the browser context of higher-privileged users - including site administrators - when they visit affected pages. The CVSS scope-change indicator (S:C) confirms the payload escapes the contributor's privilege boundary and can compromise admin sessions, enabling privilege escalation or site takeover. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

XSS Elizaibots
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy