CVE-2023-5533

The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions tha...

CVE-2023-5534 AI ChatBot <= 4.8.9 and 4.9.2 - Cross-Site Request Forgery on AJAX actions

The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke those functions vi...

PT-2023-32160 · WordPress · Ai Chatbot

Name of the Vulnerable Software and Affected Versions: AI ChatBot plugin for WordPress versions up to, and including, 4.8.9 AI ChatBot plugin for WordPress version 4.9.2 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on certain...

CVE-2023-5204

The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

Sql injection

The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

CVE-2023-5254 AI ChatBot <= 4.8.9 - Unauthenticated Sensitive Information Exposure via qcld_wb_chatbot_check_user

The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcldwbchatbotcheckuser function. This can allow unauthenticated attackers to extract sensitive data including confirmation as to whether a user name exists on the site ...

CVE-2023-5204 AI ChatBot <= 4.8.9 - Unauthenticated SQL Injection via qc_wpbo_search_response

The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

WordPress plugin ChatBot security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin ChatBot SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Broken Access Control

Software ChatBot Type Plugin Vulnerable versions = 4.8.9 Fixed in 4.9.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5533 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID ffa27d384955 Credits Marco Wotschka Required privilege...

WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software ChatBot Type Plugin Vulnerable versions = 4.8.9 Fixed in 4.9.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5534 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID dd9ca26e2bc4 Credits Marco Wotschka Required...

WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Path Traversal

Software ChatBot Type Plugin Vulnerable versions = 4.8.9 Fixed in 4.9.1 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2023-5241 Patch priority High CVSS severity High 9.6 Developer Claim ownership PSID 066f9b5875d8 Credits Marco Wotschka Required privilege Subscriber Published ...

CVE-2023-44993

Cross-Site Request Forgery CSRF vulnerability in QuantumCloud AI ChatBot plugin = 4.7.8 versions...

PT-2023-29336 · Unknown · Quantumcloud Ai Chatbot Plugin

Name of the Vulnerable Software and Affected Versions: QuantumCloud AI ChatBot plugin versions = 4.7.8 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application...

WordPress ChatBot Plugin <= 4.7.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software ChatBot Type Plugin Vulnerable versions = 4.7.8 Fixed in 4.7.9 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-44993 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 595f79a2846b Credits Mika Required privilege...

CVE-2023-4253 Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder

The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress plugin AI ChatBot cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2023-28406 · WordPress · Ai Chatbot

Name of the Vulnerable Software and Affected Versions: AI ChatBot WordPress plugin versions prior to 4.7.8 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a...

WordPress ChatBot Plugin < 4.7.8 is vulnerable to Cross Site Scripting (XSS)

Software ChatBot Type Plugin Vulnerable versions 4.7.8 Fixed in 4.7.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4254 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c88c0ce63b6b Credits Bob Matyas Required privilege...

WordPress ChatBot Plugin < 4.7.8 is vulnerable to Cross Site Scripting (XSS)

Software ChatBot Type Plugin Vulnerable versions 4.7.8 Fixed in 4.7.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4253 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1272ce44f1e5 Credits Nguyen Hoang Nam Required privileg...