
1134 matches found

Vulnrichment
added 2023/10/19 5:34 a.m. · 11 views

CVE-2023-5254 AI ChatBot <= 4.8.9 - Unauthenticated Sensitive Information Exposure via qcld_wb_chatbot_check_user

The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user function. This can allow unauthenticated attackers to extract sensitive data including confirmation as to whether a user name exists on the site ...

5.3 CVSS · 6.6 AI score · 0.00767 EPSS
Exploits: 1 · References: 3
CVE
added 2023/10/19 5:34 a.m. · 55 views

CVE-2023-5254

CVE-2023-5254 affects the AI ChatBot WordPress plugin. The vulnerability is an unauthenticated Sensitive Information Exposure via the qcld_wb_chatbot_check_user function, impacting versions up to and including 4.8.9. An attacker can confirm whether a username exists and view order information for...

5.3 CVSS · 6 AI score · 0.00767 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2023/10/19 5:34 a.m. · 30 views

CVE-2023-5204 AI ChatBot <= 4.8.9 - Unauthenticated SQL Injection via qc_wpbo_search_response

The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

9.8 CVSS · 8.8 AI score · 0.06888 EPSS
Exploits: 4 · References: 3
CVE
added 2023/10/19 5:34 a.m. · 66 views

CVE-2023-5212

CVE-2023-5212 refers to the AI ChatBot for WordPress, where an authenticated subscriber+ can misuse the qcld_openai_delete_training_file path to perform an arbitrary file deletion on the server. Affected versions are

9.6 CVSS · 8.6 AI score · 0.01626 EPSS
Exploits: 2 · References: 4 · Affected Software: 1
CVE
added 2023/10/19 5:34 a.m. · 75 views

CVE-2023-5204

CVE-2023-5204 affects the WordPress AI ChatBot plugin by QuantumCloud. The vulnerability is an unauthenticated SQL Injection via the POST parameter strid used by the ajax handler qc_wpbo_search_response. The underlying issue is insufficient escaping and lack of prepared statements for the SQL que...

9.8 CVSS · 8.1 AI score · 0.06888 EPSS
Exploits: 4 · References: 4 · Affected Software: 1
Vulnrichment
added 2023/10/19 5:34 a.m. · 9 views

CVE-2023-5241

The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append "<?php" to any existing file on the server resulting in potential DoS when...

9.6 CVSS · 7.2 AI score · 0.02066 EPSS
Exploits: 2 · References: 4
Cvelist
added 2023/10/19 5:34 a.m. · 28 views

CVE-2023-5241 AI ChatBot <= 4.8.9 and 4.9.2 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Write via qcld_openai_upload_pagetraining_file

The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append "<?php" to any existing file on the server resulting in potential DoS when...

9.6 CVSS · 8.6 AI score · 0.02066 EPSS
Exploits: 2 · References: 3
CVE
added 2023/10/19 5:34 a.m. · 101 views

CVE-2023-5241

CVE-2023-5241 affects the WordPress AI ChatBot plugin. It is a Directory Traversal via the function qcld_openai_upload_pagetraining_file, enabling subscriber‑level attackers to append PHP code to existing server files (e.g., wp-config.php), with potential DoS. Affected versions are up to 4.8.9 a...

9.6 CVSS · 8.3 AI score · 0.02066 EPSS
Exploits: 2 · References: 4 · Affected Software: 1
CNNVD
added 2023/10/19 12:00 a.m. · 6 views

WordPress plugin AI ChatBot path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

9.6 CVSS · 6.7 AI score · 0.02066 EPSS
Exploits: 2 · References: 6
CNNVD
added 2023/10/19 12:00 a.m. · 7 views

WordPress plugin ChatBot SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

9.8 CVSS · 7.1 AI score · 0.06888 EPSS
Exploits: 4 · References: 6
CNNVD
added 2023/10/19 12:00 a.m. · 2 views

WordPress plugin ChatBot security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

5.3 CVSS · 6.5 AI score · 0.00767 EPSS
Exploits: 1 · References: 4
CNNVD
added 2023/10/19 12:00 a.m. · 4 views

WordPress plugin AI ChatBot path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

9.6 CVSS · 6.8 AI score · 0.01626 EPSS
Exploits: 2 · References: 6
Positive Technologies
added 2023/10/18 12:00 a.m. · 5 views

PT-2023-31977 · WordPress · Chatbot

Name of the Vulnerable Software and Affected Versions: ChatBot plugin for WordPress versions up to, and including, 4.8.9
Description: The issue allows unauthenticated attackers to extract sensitive data, including confirmation of whether a user name exists on the site and order information for...

5.3 CVSS · 7.1 AI score · 0.00767 EPSS
Exploits: 1 · References: 8
Positive Technologies
added 2023/10/18 12:00 a.m. · 8 views

PT-2023-31923 · WordPress · Ai Chatbot

Name of the Vulnerable Software and Affected Versions: AI ChatBot plugin for WordPress versions up to, and including, 4.8.9; AI ChatBot plugin for WordPress version 4.9.2
Description: The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion. This makes it possible for...

9.6 CVSS · 8.6 AI score · 0.01626 EPSS
Exploits: 2 · References: 10
Positive Technologies
added 2023/10/18 12:00 a.m. · 6 views

PT-2023-31969 · WordPress · The Ai Chatbot For Wordpress

Name of the Vulnerable Software and Affected Versions: The AI ChatBot for WordPress versions up to, and including, 4.8.9; The AI ChatBot for WordPress version 4.9.2
Description: The issue allows subscriber-level attackers to perform Directory Traversal, potentially leading to a Denial of Service D...

9.6 CVSS · 8.8 AI score · 0.02066 EPSS
Exploits: 2 · References: 9
Patchstack
added 2023/10/12 12:00 a.m. · 17 views

WordPress ChatBot Plugin <= 4.8.9 is vulnerable to SQL Injection

Software: ChatBot · Type: Plugin · Vulnerable versions: <= 4.8.9 · Fixed in: 4.9.1 · OWASP Top 10: A1: Injection · Classification: SQL Injection · CVE: CVE-2023-5204 · Patch priority: High · CVSS severity: High 9.3 · PSID: d9d43b0258cf · Credits: Marco Wotschka · Required privilege: Unauthenticated...

9.8 CVSS · 6.7 AI score · 0.06888 EPSS
Exploits: 4 · References: 3 · Affected Software: 1
Patchstack
added 2023/10/12 12:00 a.m. · 29 views

WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Broken Access Control

Software: ChatBot · Type: Plugin · Vulnerable versions: <= 4.8.9 · Fixed in: 4.9.1 · OWASP Top 10: A5: Broken Access Control · Classification: Broken Access Control · CVE: CVE-2023-5533 · Patch priority: Low · CVSS severity: Low 5.3 · PSID: ffa27d384955 · Credits: Marco Wotschka · Required privilege...

9.8 CVSS · 6.5 AI score · 0.00531 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Patchstack
added 2023/10/12 12:00 a.m. · 27 views

WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Arbitrary File Deletion

Software: ChatBot · Type: Plugin · Vulnerable versions: <= 4.8.9 · Fixed in: 4.9.1 · OWASP Top 10: A4: Insecure Design · Classification: Arbitrary File Deletion · CVE: CVE-2023-5212 · Patch priority: High · CVSS severity: High 9.6 · PSID: cac6c246df55 · Credits: Marco Wotschka, Chloe Chamberland · Require...

9.6 CVSS · 6.4 AI score · 0.01626 EPSS
Exploits: 2 · References: 3 · Affected Software: 1
Patchstack
added 2023/10/12 12:00 a.m. · 12 views

WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Sensitive Data Exposure

Software: ChatBot · Type: Plugin · Vulnerable versions: <= 4.8.9 · Fixed in: 4.9.1 · OWASP Top 10: A3: Sensitive Data Exposure · Classification: Sensitive Data Exposure · CVE: CVE-2023-5254 · Patch priority: Low · CVSS severity: Low 5.3 · PSID: a08bb4253476 · Credits: Marco Wotschka · Required privilege...

5.3 CVSS · 6.5 AI score · 0.00767 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Patchstack
added 2023/10/12 12:00 a.m. · 19 views

WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software: ChatBot · Type: Plugin · Vulnerable versions: <= 4.8.9 · Fixed in: 4.9.1 · OWASP Top 10: A5: Broken Access Control · Classification: Cross Site Request Forgery (CSRF) · CVE: CVE-2023-5534 · Patch priority: Low · CVSS severity: Low 4.3 · PSID: dd9ca26e2bc4 · Credits: Marco Wotschka · Required...

5.4 CVSS · 6.5 AI score · 0.00206 EPSS
Exploits: 0 · References: 3 · Affected Software: 1