Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47613 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | N/A | 5.9 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud AI ChatBot plugin <= 4.3.0 versions. | |||||
| CVE-2023-1650 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | N/A | 9.8 CRITICAL |
| The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog | |||||
| CVE-2023-1011 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | N/A | 6.1 MEDIUM |
| The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them. | |||||
| CVE-2024-0453 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | N/A | 5.0 MEDIUM |
| The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete files from a linked OpenAI account. | |||||
| CVE-2024-0452 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | N/A | 5.0 MEDIUM |
| The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files to a linked OpenAI account. | |||||
| CVE-2024-0451 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | N/A | 5.0 MEDIUM |
| The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to list files existing in a linked OpenAI account. | |||||