Lucene search
K

7 matches found

Nuclei
Nuclei
added 10 hours ago5 views

WPBot <= 8.4.9 - Cross-Site Scripting

WPBot = 8.4.9 is vulnerable to stored cross-site scripting via the conversation parameter in the qcldwbchatbotconversationsave AJAX action. The AJAX nonce qcsecretbotnonceval123qc is publicly emitted on every frontend page via wplocalizescript under the ajaxnonce key, making it freely obtainable ...

7.2CVSS5.8AI score0.00241EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 5:16 a.m.7 views

CVE-2026-13731

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'conversation' parameter in all versions up to, and including, 8.4.9 due to insufficient input sanitization and output escaping. This makes it possible f...

7.2CVSS0.00241EPSS
Exploits0References7
CVE
CVE
added 2026/07/01 3:43 a.m.12 views

CVE-2026-13731

CVE-2026-13731 affects the WPBot – AI ChatBot for WordPress plugin (versions up to and including 8.4.9). The vulnerability is a stored Cross‑Site Scripting (XSS) via the conversation parameter caused by insufficient input sanitization and output escaping. Unauthenticated attackers can inject arbi...

7.2CVSS5.9AI score0.00241EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/01 3:43 a.m.32 views

CVE-2026-13731 WPBot <= 8.4.9 - Unauthenticated Stored Cross-Site Scripting via 'conversation' Parameter

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'conversation' parameter in all versions up to, and including, 8.4.9 due to insufficient input sanitization and output escaping. This makes it possible f...

7.2CVSS0.00241EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/01 3:43 a.m.8 views

EUVD-2026-40889

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'conversation' parameter in all versions up to, and including, 8.4.9 due to insufficient input sanitization and output escaping. This makes it possible f...

7.2CVSS5.9AI score0.00241EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54475

Name of the Vulnerable Software and Affected Versions WPBot – AI ChatBot for Live Support, Lead Generation, AI Services versions prior to 8.5.0 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Stored Cross-Site Scripting XSS, a technique...

7.2CVSS6.1AI score0.00241EPSS
Exploits0References11
NVD
NVD
added 2024/05/23 5:15 p.m.18 views

CVE-2024-34934

A SQL injection vulnerability in /view/emarksrangegradeupdateform.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversationid parameter...

9.8CVSS8.1AI score0.0051EPSS
Exploits1References1
Rows per page
Query Builder