WordPress AI ChatBot (WPBot) <= 4.8.9 - SQL Injection

ChatBot plugin for WordPress up to 4.8.9 contains a sqlinjection caused by insufficient escaping and lack of preparation on the $strid parameter, letting unauthenticated attackers extract sensitive data, exploit requires no authentication. id: CVE-2023-5204 info: name: WordPress AI ChatBot WPBot ...

EUVD-2025-210225

Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot = 13.6.5 versions...

CVE-2025-60223

Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot = 13.6.5 versions...

CVE-2025-60223 WordPress WPBot Pro Wordpress Chatbot plugin <= 13.6.5 - Arbitrary File Deletion vulnerability

Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot = 13.6.5 versions...

CVE-2025-60223

CVE-2025-60223 affects the WordPress plugin WPBot Pro Wordpress Chatbot (versions

EUVD-2025-28098

Malicious code in bioql PyPI...

EUVD-2024-47721

Malicious code in bioql PyPI...

CVE-2025-9111 WPBOT < 7.1.0 - Admin+ Stored XSS

The AI ChatBot for WordPress WordPress plugin before 7.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2025-9111 WPBOT < 7.1.0 - Admin+ Stored XSS

The AI ChatBot for WordPress WordPress plugin before 7.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2025-9111

The CVE-2025-9111 entry applies to the WordPress plugin “AI ChatBot for WordPress” (WPBOT) versions before 7.1.0. The issue is a failure to sufficiently sanitise and escape some settings, which could allow stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed ...

CVE-2025-22813

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud Conversational Forms for ChatBot conversational-forms allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through = 1.4.2...

CVE-2025-47582

Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot allows Object Injection.This issue affects WPBot Pro Wordpress Chatbot: from n/a through 12.7.0...

CVE-2025-47582

Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot allows Object Injection.This issue affects WPBot Pro Wordpress Chatbot: from n/a through 12.7.0...

CVE-2025-47582

Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot allows Object Injection.This issue affects WPBot Pro Wordpress Chatbot: from n/a through 12.7.0...

CVE-2025-47582

CVE-2025-47582 describes a Deserialization of Untrusted Data vulnerability in the WordPress plugin WPBot Pro WordPress Chatbot (affected: versions n/a through 12.7.0) that allows PHP object injection . The issue, stated across sources, indicates untrusted data deserialization can be exploited to ...

CVE-2025-47582 WordPress WPBot Pro Wordpress Chatbot <= 12.7.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot allows Object Injection.This issue affects WPBot Pro Wordpress Chatbot: from n/a through 12.7.0...

CVE-2025-47582 WordPress WPBot Pro Wordpress Chatbot <= 12.7.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot allows Object Injection.This issue affects WPBot Pro Wordpress Chatbot: from n/a through 12.7.0...

WordPress WPBot Pro Wordpress Chatbot plugin <= 13.6.5 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin WPBot Pro Wordpress Chatbot versions = 13.6.5...

CVE-2025-3812

The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the qcldopenaideletetrainingfile function in all versions up to, and including, 13.6.2. This makes it possible for authenticated attackers, with Subscriber-lev...

PT-2025-22067 · WordPress · Quantumcloud Wpbot Pro

Name of the Vulnerable Software and Affected Versions: QuantumCloud WPBot Pro Wordpress Chatbot versions n/a through 12.7.0 Description: The issue is related to the deserialization of untrusted data, allowing object injection in the QuantumCloud WPBot Pro Wordpress Chatbot. This can be exploited...