AI ChatBot

Source repositories

https://plugins.svn.wordpress.org/chatbot

CVEs (15)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2023-5241	Quantumcloud Wpbot	Cri	0.63	9.6	0.02	Oct 19, 2023	The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append "<?php" to any existing file on the server resulting…
CVE-2023-5212	Quantumcloud Wpbot	Cri	0.62	9.6	0.00	Oct 19, 2023	The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it…
CVE-2024-22309	Quantumcloud Wpbot	Hig	0.57	8.7	0.00	Jan 24, 2024	Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.This issue affects ChatBot with AI: from n/a through 5.1.0.
CVE-2023-48741	Quantumcloud Wpbot	Hig	0.49	7.6	0.00	Dec 19, 2023	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud AI ChatBot.This issue affects AI ChatBot: from n/a through 4.7.8.
CVE-2023-5533	Quantumcloud Wpbot	Med	0.34	5.3	0.00	Oct 20, 2023	The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of…
CVE-2023-5534	Quantumcloud Wpbot	Med	0.28	4.3	0.00	Oct 20, 2023	The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke…
CVE-2024-0453	Quantumcloud Wpbot	Med	0.26	5.0	0.00	May 22, 2024	The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with…
CVE-2024-0451	Quantumcloud Wpbot	Med	0.26	5.0	0.00	May 22, 2024	The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level…
CVE-2023-44993	WordPress AI ChatBot		0.00	—	0.00	Oct 9, 2023	Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.7.8 versions.
CVE-2023-4253	WordPress Chatbot		0.00	—	0.00	Sep 4, 2023	The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…
CVE-2023-4254	WordPress Chatbot		0.00	—	0.00	Sep 4, 2023	The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…
CVE-2023-2742	WordPress Chatbot		0.00	—	0.00	Jun 19, 2023	The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2023-1651	WordPress Chatbot		0.00	—	0.00	May 8, 2023	The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this…
CVE-2023-1011	WordPress Chatbot		0.00	—	0.00	May 8, 2023	The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them.
CVE-2023-1660	WordPress Chatbot		0.00	—	0.00	May 8, 2023	The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard

CVE-2023-5241CriOct 19, 2023
Quantumcloud
Wpbot
risk 0.63cvss 9.6epss 0.02
The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append "<?php" to any existing file on the server resulting…
CVE-2023-5212CriOct 19, 2023
Quantumcloud
Wpbot
risk 0.62cvss 9.6epss 0.00
The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it…
CVE-2024-22309HigJan 24, 2024
Quantumcloud
Wpbot
risk 0.57cvss 8.7epss 0.00
Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.This issue affects ChatBot with AI: from n/a through 5.1.0.
CVE-2023-48741HigDec 19, 2023
Quantumcloud
Wpbot
risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud AI ChatBot.This issue affects AI ChatBot: from n/a through 4.7.8.
CVE-2023-5533MedOct 20, 2023
Quantumcloud
Wpbot
risk 0.34cvss 5.3epss 0.00
The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of…
CVE-2023-5534MedOct 20, 2023
Quantumcloud
Wpbot
risk 0.28cvss 4.3epss 0.00
The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke…
CVE-2024-0453MedMay 22, 2024
Quantumcloud
Wpbot
risk 0.26cvss 5.0epss 0.00
The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with…
CVE-2024-0451MedMay 22, 2024
Quantumcloud
Wpbot
risk 0.26cvss 5.0epss 0.00
The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level…
CVE-2023-44993Oct 9, 2023
WordPress
AI ChatBot
risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.7.8 versions.
CVE-2023-4253Sep 4, 2023
WordPress
Chatbot
risk 0.00cvss —epss 0.00
The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…
CVE-2023-4254Sep 4, 2023
WordPress
Chatbot
risk 0.00cvss —epss 0.00
The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…
CVE-2023-2742Jun 19, 2023
WordPress
Chatbot
risk 0.00cvss —epss 0.00
The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2023-1651May 8, 2023
WordPress
Chatbot
risk 0.00cvss —epss 0.00
The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this…
CVE-2023-1011May 8, 2023
WordPress
Chatbot
risk 0.00cvss —epss 0.00
The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them.
CVE-2023-1660May 8, 2023
WordPress
Chatbot
risk 0.00cvss —epss 0.00
The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard