Critical severity 9.6 · NVD Advisory · Published Oct 19, 2023 · Updated Apr 8, 2026
CVE-2023-5241
Description
The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append "<?php" to any existing file on the server resulting in potential DoS when appended to critical files such as wp-config.php.
Affected products
- cpe:2.3:a:quantumcloud:wpbot:4.9.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:quantumcloud:wpbot:*:*:*:*:*:wordpress:*:* (range: <4.9.1)
- Range: <=4.8.9, =4.9.2
References
- plugins.trac.wordpress.org/changeset (nvd: Patch)
- packetstormsecurity.com/files/175371/WordPress-AI-ChatBot-4.8.9-SQL-Injection-Traversal-File-Deletion.html (nvd: Third Party Advisory, VDB Entry)
- www.wordfence.com/threat-intel/vulnerabilities/id/25199281-5286-4d75-8d27-26ce215e0993 (nvd: Third Party Advisory)
- plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php (nvd: Product)