1144 matches found
CVE-2026-4262 Incorrect authorization in HiJiffy Chatbot
Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other users via the parameter 'ID' in '/api/v1/download//'...
CVE-2026-4262
Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other users via the parameter 'ID' in '/api/v1/download//'...
CVE-2026-4262
HiJiffy Chatbot contains an incorrect authorization vulnerability. An attacker can download private messages by manipulating the ID parameter in the API endpoint /api/v1/download//. The CVSS base score is 6.9 (Medium) with Network attack vector, low attack complexity, no privileges required, and ...
PT-2026-28641
Name of the Vulnerable Software and Affected Versions HiJiffy Chatbot affected versions not specified Description An incorrect authorization issue exists in HiJiffy Chatbot that allows an attacker to download private messages from other users. This is achieved by exploiting the visitor parameter...
PT-2026-28640
Name of the Vulnerable Software and Affected Versions HiJiffy Chatbot affected versions not specified Description An incorrect authorization issue exists in HiJiffy Chatbot. This allows an attacker to download private messages belonging to other users. The issue is due to improper access control...
HiJiffy Chatbot 安全漏洞
HiJiffy Chatbot is a customer communication and automated response system for the hospitality industry developed by HiJiffy. There is a security vulnerability in HiJiffy Chatbot, which stems from improper authorization. This vulnerability could allow attackers to download private messages from...
EUVD-2026-15847
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through = 7.7.9...
CVE-2026-32499
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through = 7.7.9...
CVE-2026-32499 WordPress ChatBot plugin <= 7.7.9 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through = 7.7.9...
CVE-2026-32499
CVE-2026-32499 is an unauthenticated SQL injection in the WordPress WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin (WPBot) up to version 7.7.9. Root cause is improper neutralization of input in the plugin’s SQL queries, allowing blind SQL injection. Public details in con...
CVE-2026-32499 WordPress ChatBot plugin <= 7.7.9 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through = 7.7.9...
CVE-2026-32499
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through = 7.7.9...
WordPress plugin ChatBot SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress WP-Chatbot for Messenger plugin <= 4.9 - Missing Authorization to Unauthenticated Chatbot Configuration Takeover vulnerability
Missing Authorization to Unauthenticated Chatbot Configuration Takeover vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin WP-Chatbot for Messenger versions = 4.9...
EUVD-2026-13998
The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...
CVE-2026-3506
The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...
CVE-2026-3506 WP-Chatbot for Messenger <= 4.9 - Missing Authorization to Unauthenticated Chatbot Configuration Takeover
The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...
CVE-2026-3506
WP-Chatbot for Messenger plugin for WordPress (up to version 4.9) suffers an authorization bypass due to improper verification of user permissions, enabling unauthenticated attackers to overwrite the site’s MobileMonkey API token and company ID options . This can hijack chatbot configuration and ...
CVE-2026-3506
The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...
CVE-2026-3506 WP-Chatbot for Messenger <= 4.9 - Missing Authorization to Unauthenticated Chatbot Configuration Takeover
The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...