CVE-2025-0329 AI ChatBot for WordPress – WPBot < 6.2.4 - Admin+ Stored XSS
The AI ChatBot for WordPress WordPress plugin before 6.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2025-0329
The CVE-2025-0329 entry concerns the AI ChatBot for WordPress (WPBot) plugin for WordPress, affected versions prior to 6.2.4. The root cause is insufficient sanitization and escaping of certain settings, which could enable stored cross-site scripting (XSS) by high-privilege users (e.g., admins), ...
WordPress plugin AI ChatBot for WordPress Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin ... A security...
PT-2025-21555 · WordPress · Ai Chatbot
Name of the Vulnerable Software and Affected Versions: AI ChatBot for WordPress versions prior to 6.2.4 Description: The issue concerns the AI ChatBot for WordPress plugin, which does not properly sanitize and escape some of its settings. This could allow high-privilege users, such as...
A week in security (May 4 – May 10)
Last week on Malwarebytes Labs: The AI chatbot cop squad is here Lock and Code S06E09 Android fixes 47 vulnerabilities, including one zero-day. Update as soon as you can! "Your privacy is a promise we don’t break": Dating app Raw exposes sensitive user data FBI issues warning as scammers target...
Security Bulletin: IBM Robotic Process Automation is vulnerable to disclosure of chatbot credentials (CVE-2022-33954)
Summary Security Bulletin: IBM Robotic Process Automation is vulnerable to disclosure of chatbot credentials CVE-2022-33954 Vulnerability Details CVEID: CVE-2022-33954 DESCRIPTION: IBM Robotic Process Automation could allow a user with physical access to the system to obtain sensitive information...
Dust: BAC – Bypass chatbot restrictions via unauthorized mention injection
The Gemini chatbot was found to have a vulnerability that allowed unauthorized users to bypass permission restrictions and interact with the chatbot. The vulnerability was discovered when a user manually edited the request by changing the "mention" and "configurationId" fields, which allowed them...
CVE-2025-21573
Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications component: Chatbot. Supported versions that are affected are 5.1.0.0.0, 6.1.0.0.0 and 7.0.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with...
Oracle Financial Services Applications Security Vulnerability
Oracle Financial Services Applications is a suite of financial services software from Oracle Corporation USA. The product includes core banking, online banking, and estate management. A security vulnerability exists in Oracle Financial Services Revenue Management and Billing versions 5.1.0.0.0,...
Sex-Fantasy Chatbots Are Leaking a Constant Stream of Explicit Messages
Some misconfigured AI chatbots are pushing people’s chats to the open web—revealing sexual prompts and conversations that include descriptions of child sexual abuse...
CVE-2025-3035
By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability was fixed in Firefox 137...
CVE-2025-3035 Tab title disclosure across pages when using AI chatbot
By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability was fixed in Firefox 137...
PT-2025-14110
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 137 Description: The issue occurs when the AI chatbot is used in one tab and then activated in another tab, causing the document title of the previous tab to leak into the chat prompt. Recommendations: For versions prio...
Microsoft Azure Health Bot Security Vulnerability
Microsoft Azure Health Bot is an Artificial Intelligence-based service from Microsoft Corporation USA designed to provide automated chatbot solutions for healthcare. A security vulnerability exists in Microsoft Azure Health Bot. An attacker exploiting the vulnerability can elevate privileges...
CVE-2024-11821
A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. This vulnerability allows a normal user to modify Orchestrate instructions for a chatbot created by an admin user. The issue arises because the application does not properly enforce access controls on the endpoint...
New Phishing Scam Uses Fake Instagram Chatbot to Hijack Accounts
New phishing scam targets Instagram business accounts using fake chatbots and support emails, tricking users into handing over login credentials...