Livechat Chatbot Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Livechat chatbot on the target application. Livechat is a solution to build & deploy AI customer experiences. This detection is included in the AI and LLM category. No source data...

Voiceflow Chatbot Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Voiceflow chatbot on the target application. Voiceflow is a solution to build & deploy AI customer experiences. This detection is included in the AI and LLM category. No source data...

Langflow Chatbot Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Langflow chatbot on the target application. Langflow is an open-source visual framework for building multi-agent and RAG. This detection is included in the AI and LLM category. No source data...

CVE-2025-48957

AstrBot is a large language model chatbot and development framework. A path traversal vulnerability present in versions 3.4.4 through 3.5.12 may lead to information disclosure, such as API keys for LLM providers, account passwords, and other sensitive data. The vulnerability has been addressed in...

Malicious code in @chatbot-builder/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6ace9cff4af8d9323da0b8644083e75867baace24814284462f536c574065052 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-24666

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle AI Chatbot for WordPress – Hyve Lite hyve-lite allows Stored XSS.This issue affects AI Chatbot for WordPress – Hyve Lite: from n/a through = 1.2.2...

CVE-2025-22813

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud Conversational Forms for ChatBot conversational-forms allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through = 1.4.2...

CVE-2024-7714

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby disabling the AI ChatB...

CVE-2024-6722

The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

CVE-2024-6847

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users when submitting messages to the chatbot...

CVE-2024-6843

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not sanitise and escape user inputs, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins...

CVE-2024-6498

The Chatbot for WordPress by Collect.chat ⚡️ WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

CVE-2024-28816

Student Information Chatbot a0196ab allows SQL injection via the username to the login function in index.php...

CVE-2024-26454

A Cross Site Scripting vulnerability in Healthcare-Chatbot through 9b7058a can occur via a crafted payload to the email1 or pwd1 parameter in login.php...

CVE-2024-37923

Cross-Site Request Forgery CSRF vulnerability in cliengo Cliengo – Chatbot cliengo allows Cross Site Request Forgery.This issue affects Cliengo – Chatbot: from n/a through = 3.0.4...

CVE-2024-7713

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, allowing unauthenticated users to obtain it...

CVE-2024-21624

nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak e.g., environment variables in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...

CVE-2024-0699

The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'addimagefromurl' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with...

CVE-2024-5993

The Cliengo – Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatesession' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVE-2024-10684

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dir' parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...