Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4254 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | N/A | 4.8 MEDIUM |
| The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2023-5254 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | N/A | 5.3 MEDIUM |
| The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user function. This can allow unauthenticated attackers to extract sensitive data including confirmation as to whether a user name exists on the site as well as order information for existing users. | |||||
| CVE-2023-2811 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | N/A | 4.8 MEDIUM |
| The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot | |||||
| CVE-2023-4253 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | N/A | 4.8 MEDIUM |
| The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-0453 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | N/A | 5.0 MEDIUM |
| The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete files from a linked OpenAI account. | |||||
| CVE-2024-0452 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | N/A | 5.0 MEDIUM |
| The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files to a linked OpenAI account. | |||||
| CVE-2024-0451 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | N/A | 5.0 MEDIUM |
| The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to list files existing in a linked OpenAI account. | |||||