
1134 matches found

RedhatCVE
added 2026/01/09 12:31 p.m. | 9 views

CVE-2023-4254

The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

CVSS 4.8 | AI score 5.6 | EPSS 0.00408
Exploits 2 | References 1

RedhatCVE
added 2026/01/09 10:48 a.m. | 6 views

CVE-2022-31971

ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simplechatbot/admin/?page=responses/viewresponse=...

CVSS 7.2 | AI score 8.1 | EPSS 0.00958
Exploits 1 | References 1

RedhatCVE
added 2026/01/09 10:46 a.m. | 6 views

CVE-2022-31970

ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simplechatbot/admin/?page=responses/manageresponse=...

CVSS 7.2 | AI score 8.1 | EPSS 0.00966
Exploits 1 | References 1

RedhatCVE
added 2026/01/09 10:46 a.m. | 7 views

CVE-2022-31969

ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simplechatbot/admin/?page=user/manageuser=...

CVSS 9.8 | AI score 8.1 | EPSS 0.01081
Exploits 1 | References 1

RedhatCVE
added 2026/01/09 9:5 a.m. | 9 views

CVE-2024-34380

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud Conversational Forms for ChatBot allows Stored XSS. This issue affects Conversational Forms for ChatBot: from n/a through 1.2.0...

CVSS 6.5 | AI score 5.2 | EPSS 0.00354
Exploits 0 | References 1

HackRead
added 2025/12/24 11:23 a.m. | 5 views

Eurostar Accused Researchers of Blackmail for Reporting AI Chatbot Flaws

Researchers discovered critical flaws in Eurostar’s AI chatbot including prompt injection, HTML injection, guardrail bypass, and unverified chat IDs - Eurostar later accused them of blackmail...

AI score 7
Exploits 0

OSSF Malicious Packages
added 2025/12/23 8:36 a.m. | 6 views

Malicious code in workvivo-chatbot (npm)

Source: amazon-inspector (9e993f1097d70a3ff26607309666ae40eebf846a04af39cb76063ca237090bcc). The package workvivo-chatbot was found to contain malicious code...

AI score 7
Exploits 0

OSV
added 2025/12/23 8:36 a.m. | 4 views

MAL-2025-192887 Malicious code in workvivo-chatbot (npm)

Source: amazon-inspector (9e993f1097d70a3ff26607309666ae40eebf846a04af39cb76063ca237090bcc). The package workvivo-chatbot was found to contain malicious code...

AI score 6.8
Exploits 0

Patchstack
added 2025/11/27 11:30 a.m. | 8 views

WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.0 - Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter vulnerability

Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter vulnerability discovered by blue0x1 in WordPress Plugin AI ChatBot with ChatGPT and Content Generator by AYS versions <= 2.7.0...

CVSS 6.5 | AI score 7.1 | EPSS 0.0024
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2025/11/27 9:27 a.m. | 5 views

CVE-2025-13381 AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Missing Authorization to Unauthenticated Media File Uploads

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ayschatgptsavewpmedia' function in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to upload...

CVSS 5.3 | AI score 5.1 | EPSS 0.00239
Exploits 0 | References 6

Cvelist
added 2025/11/27 9:27 a.m. | 9 views

CVE-2025-13381 AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Missing Authorization to Unauthenticated Media File Uploads

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ayschatgptsavewpmedia' function in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to upload...

CVSS 5.3 | EPSS 0.00239
Exploits 0 | References 6

CNNVD
added 2025/11/27 12:0 a.m. | 4 views

WordPress plugin AI ChatBot with ChatGPT and Content Generator by AYS security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 5.3 | AI score 6.4 | EPSS 0.00239
Exploits 0 | References 7

Positive Technologies
added 2025/11/27 12:0 a.m. | 9 views

PT-2025-48254

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ays chatgpt save wp media' function in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to...

CVSS 5.3 | AI score 5.5 | EPSS 0.00239
Exploits 0 | References 7

Patchstack
added 2025/11/24 8:10 a.m. | 9 views

WordPress S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin <= 1.7.8 - Authenticated (Editor+) Arbitrary File Upload vulnerability

Authenticated (Editor+) Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin S2B AI Assistant versions <= 1.7.8...

CVSS 7.2 | AI score 7 | EPSS 0.00873
Exploits 1 | References 1 | Affected Software 1

CNVD
added 2025/11/18 12:0 a.m. | 2 views

WordPress ChatBot plugin missing authorization vulnerability

WordPress ChatBot plugin is a tool that provides live chat and AI chatbot functionality for WordPress websites, helping users to instantly communicate with visitors, increase customer satisfaction and optimize sales conversions. WordPress ChatBot plugin suffers from a lack of authorization...

CVSS 5.3 | AI score 6.8 | EPSS 0.00234
Exploits 0 | References 1

RedhatCVE
added 2025/11/14 10:11 a.m. | 8 views

CVE-2025-64277

Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through <= 7.3.9...

CVSS 5.3 | AI score 7 | EPSS 0.00234
Exploits 0 | References 1

EUVD
added 2025/11/13 7:42 p.m. | 5 views

EUVD-2025-175361

Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block (HTTP Request component) functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance...

CVSS 9.6 | AI score 6.3 | EPSS 0.00328
Exploits 1 | References 1

EUVD
added 2025/11/13 12:31 p.m. | 4 views

EUVD-2025-163773

Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through <= 7.3.9...

CVSS 5.3 | AI score 6.4 | EPSS 0.00234
Exploits 0 | References 2

NVD
added 2025/11/13 10:15 a.m. | 3 views

CVE-2025-64277

Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through <= 7.3.9...

CVSS 5.3 | EPSS 0.00234
Exploits 0 | References 1

Cvelist
added 2025/11/13 9:24 a.m. | 7 views

CVE-2025-64277 WordPress ChatBot plugin <= 7.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through <= 7.3.9...

CVSS 5.3 | EPSS 0.00234
Exploits 0 | References 1