EUVD-2023-34203

Malicious code in bioql PyPI...

EUVD-2023-57845

Malicious code in bioql PyPI...

WordPress WPBOT plugin < 7.1.0 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin ChatBot versions 7.1.0...

WordPress Ai Engine plugin <= 2.9.5 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion vulnerability

Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion vulnerability discovered by ISMAILSHADOW in WordPress Plugin AI Engine versions = 2.9.5...

WordPress ChatBot plugin <= 6.7.3 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by zaim in WordPress Plugin ChatBot versions = 6.7.3...

CVE-2024-6843

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not sanitise and escape user inputs, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins...

CVE-2024-7713

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, allowing unauthenticated users to obtain it...

CVE-2024-0699

The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'addimagefromurl' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with...

CVE-2024-5993

The Cliengo – Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatesession' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVE-2023-3175

The AI ChatBot WordPress plugin before 4.6.1 does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2023-1650

The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog...

CVE-2023-5204

The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

CVE-2023-23981

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in QuantumCloud Conversational Forms for ChatBot plugin = 1.1.6 versions...

CVE-2023-5534

The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke those functions vi...

WordPress ChatBot plugin < 6.2.4 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin ChatBot versions 6.2.4...

WordPress plugin AI ChatBot for WordPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A security...

WordPress plugin ChatBot 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress WPBot plugin <= 6.3.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Peter Thaleikis Patchstack Alliance in WordPress Plugin ChatBot versions = 6.3.5...

CVE-2025-22813

CVE-2025-22813 is a stored XSS in ChatBot Conversational Forms (WordPress plugin) affecting Conversational Forms for ChatBot up to and including 1.4.2. Exploitation requires authentication (Contributor+). The issue is fixed in a patched release; upgrade to the patched version to mitigate. Details...

CVE-2024-6845

The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key...