Lucene search
+L

58 matches found

Nuclei
Nuclei
added 8 hours ago20 views

WordPress AI ChatBot (WPBot) <= 4.8.9 - SQL Injection

ChatBot plugin for WordPress up to 4.8.9 contains a sqlinjection caused by insufficient escaping and lack of preparation on the $strid parameter, letting unauthenticated attackers extract sensitive data, exploit requires no authentication. id: CVE-2023-5204 info: name: WordPress AI ChatBot WPBot ...

9.8CVSS8AI score0.06888EPSS
Exploits4References3
NVD
NVD
added 2 days ago6 views

CVE-2026-15106

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS0.00273EPSS
Exploits0References8
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-44892

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS6.2AI score0.00273EPSS
Exploits0References8
CVE
CVE
added 2 days ago10 views

CVE-2026-15106

The WPBot – AI ChatBot for Live Support WordPress plugin is vulnerable to an authorization bypass in all versions up to 8.5.6. The issue allows unauthenticated attackers to delete arbitrary chat session records from wpbot_user andwpbot_conversation by supplying a crafted userid value, indicating ...

5.3CVSS6.2AI score0.00273EPSS
Exploits0References8
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-15106 WPBot <= 8.5.6 - Missing Authorization to Unauthenticated Arbitrary Chat Session Deletion via 'userid' Parameter

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS0.00273EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/01 3:43 a.m.35 views

CVE-2026-13731 WPBot <= 8.4.9 - Unauthenticated Stored Cross-Site Scripting via 'conversation' Parameter

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'conversation' parameter in all versions up to, and including, 8.4.9 due to insufficient input sanitization and output escaping. This makes it possible f...

7.2CVSS0.00524EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/01 3:43 a.m.7 views

CVE-2026-13731

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'conversation' parameter in all versions up to, and including, 8.4.9 due to insufficient input sanitization and output escaping. This makes it possible f...

7.2CVSS5.9AI score0.00524EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2025-210225

Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot = 13.6.5 versions...

7.7CVSS5.2AI score0.0045EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:19 p.m.12 views

CVE-2025-60223

Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot = 13.6.5 versions...

7.7CVSS0.0045EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:50 a.m.15 views

CVE-2025-60223

CVE-2025-60223 affects the WordPress plugin WPBot Pro Wordpress Chatbot (versions

7.7CVSS5.2AI score0.0045EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.33 views

CVE-2025-60223 WordPress WPBot Pro Wordpress Chatbot plugin <= 13.6.5 - Arbitrary File Deletion vulnerability

Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot = 13.6.5 versions...

7.7CVSS0.0045EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-28098

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.00489EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-47721

Malicious code in bioql PyPI...

5.5CVSS6.5AI score0.00328EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/09/09 6:0 a.m.5 views

CVE-2025-9111 WPBOT < 7.1.0 - Admin+ Stored XSS

The AI ChatBot for WordPress WordPress plugin before 7.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.9AI score0.00241EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/09/09 6:0 a.m.10 views

CVE-2025-9111 WPBOT < 7.1.0 - Admin+ Stored XSS

The AI ChatBot for WordPress WordPress plugin before 7.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00241EPSS
Exploits1References1
CVE
CVE
added 2025/09/09 6:0 a.m.20 views

CVE-2025-9111

The CVE-2025-9111 entry applies to the WordPress plugin “AI ChatBot for WordPress” (WPBOT) versions before 7.1.0. The issue is a failure to sufficiently sanitise and escape some settings, which could allow stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed ...

3.5CVSS4.9AI score0.00241EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 11:35 a.m.6 views

CVE-2025-22813

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud Conversational Forms for ChatBot conversational-forms allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through = 1.4.2...

6.5CVSS7.2AI score0.00225EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 6:17 p.m.7 views

CVE-2025-47582

Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot allows Object Injection.This issue affects WPBot Pro Wordpress Chatbot: from n/a through 12.7.0...

9.8CVSS8.6AI score0.00489EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/05/19 6:15 p.m.11 views

CVE-2025-47582

Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot allows Object Injection.This issue affects WPBot Pro Wordpress Chatbot: from n/a through 12.7.0...

9.8CVSS8.6AI score0.00489EPSS
Exploits0References3
NVD
NVD
added 2025/05/19 6:15 p.m.10 views

CVE-2025-47582

Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot allows Object Injection.This issue affects WPBot Pro Wordpress Chatbot: from n/a through 12.7.0...

9.8CVSS0.00489EPSS
Exploits0References1
Rows per page
Query Builder