Filtered by vendor Quantumcloud
Subscriptions
Filtered by product Wpbot
Subscriptions
Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4254 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | 4.8 Medium |
| The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-5254 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | 5.3 Medium |
| The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user function. This can allow unauthenticated attackers to extract sensitive data including confirmation as to whether a user name exists on the site as well as order information for existing users. | ||||
| CVE-2023-5606 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | 4.4 Medium |
| The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. NOTE: This vulnerability is a re-introduction of CVE-2023-4253. | ||||
| CVE-2024-6669 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | 5.5 Medium |
| The AI ChatBot for WordPress – WPBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2022-47613 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud AI ChatBot plugin <= 4.3.0 versions. | ||||
| CVE-2024-0453 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | 5 Medium |
| The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete files from a linked OpenAI account. | ||||
| CVE-2024-0451 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | 5 Medium |
| The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to list files existing in a linked OpenAI account. | ||||