CVE-2025-11576

🗓️ 24 Oct 2025 12:29:56Reported by WordfenceType

CVE-2025-11576: Unauthenticated CSV injection in WordPress AI Chatbot Free Models up to 1.6.5.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-11576	24 Oct 202515:38	–	circl
CNNVD	WordPress plugin AI Chatbot Free Models - Customer Support, Live Chat, Virtual Assistant Security Breach	25 Oct 202500:00	–	cnnvd
Cvelist	CVE-2025-11576 AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant <= 1.6.5 - Unauthenticated CSV Injection	24 Oct 202512:29	–	cvelist
EUVD	EUVD-2025-35834	24 Oct 202512:29	–	euvd
NVD	CVE-2025-11576	24 Oct 202513:15	–	nvd
Patchstack	WordPress AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin <= 1.6.5 - Unauthenticated CSV Injection vulnerability	24 Oct 202523:34	–	patchstack
Positive Technologies	PT-2025-43615	24 Oct 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-11576	25 Oct 202512:38	–	redhatcve
Vulnrichment	CVE-2025-11576 AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant <= 1.6.5 - Unauthenticated CSV Injection	24 Oct 202512:29	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (October 20, 2025 to October 26, 2025)	30 Oct 202516:01	–	wordfence

Vulners

Node

newcodebyte ai_chatbot_free_models_customer_support,_live_chat,_virtual_assistantRange≤1.6.5wordpress

[
  {
    "vendor": "newcodebyte",
    "product": "AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "1.6.5",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/5064873b-e70a-4fe6-8c5c-ced6025aaa5f
plugins	www.plugins.trac.wordpress.org/changeset/3378450/

15 Apr 2026 00:35Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.14.3

EPSS0.00187

SSVC

CWE-1236