EUVD-2024-16247

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

AI ChatBot plugin for WordPress allows unauthorized file uploads due to missing capability check vulnerability

Reporter	Title	Published	Views	Family All 11
CNNVD	WordPress plugin AI ChatBot 安全漏洞	22 May 202400:00	–	cnnvd
CVE	CVE-2024-0452	22 May 202403:17	–	cve
Cvelist	CVE-2024-0452 AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_upload_callback	22 May 202403:17	–	cvelist
NVD	CVE-2024-0452	22 May 202404:15	–	nvd
Patchstack	WordPress ChatBot Plugin <= 5.3.4 is vulnerable to Broken Access Control	22 May 202400:00	–	patchstack
Patchstack	WordPress AI ChatBot plugin <= 5.3.4 - Missing Authorization via multiple functions vulnerability	22 May 202401:04	–	patchstack
Positive Technologies	PT-2024-15571 · WordPress · Ai Chatbot	22 May 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-0452	23 May 202509:01	–	redhatcve
Vulnrichment	CVE-2024-0452 AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_upload_callback	22 May 202403:17	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)	30 May 202415:23	–	wordfence

[
  {
    "enisaIdVendor": [
      {
        "id": "545e2704-ea37-3a0f-8753-39ce87cc0e0c",
        "vendor": {
          "name": "QuantumCloud"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "3bfa9905-44ed-3543-8e3e-c450c0639243",
        "product": {
          "name": "AI ChatBot for WordPress – WPBot"
        },
        "product_version": "* ≤5.3.4"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/34b6475c-b5dd-42a1-98d1-9b5ae9ff4ad5
plugins	www.plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php
plugins	www.plugins.trac.wordpress.org/changeset/3089461/chatbot/trunk/includes/openai/qcld-bot-openai.php

03 Oct 2025 20:07Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.15 - 7.7

EPSS0.00209

SSVC