5 matches found
WordPress AI ChatBot 4.8.9 SQL Injection / Traversal / File Deletion
Vulnerability Details and Technical Analysis: The AI ChatBot plugin provides website owners with a plug-and-play chat solution that can be expanded upon with customizable FAQs and custom text responses. It provides website users with an interface that allows them to look up order information, leav...
WordPress AI ChatBot 4.8.9 SQL Injection / Traversal / File Deletion Vulnerabilities
Vulnerability Details and Technical Analysis: The AI ChatBot plugin provides website owners with a plug-and-play chat solution that can be expanded upon with customizable FAQs and custom text responses. It provides website users with an interface that allows them to look up order information, leav...
AI ChatBot < 4.9.3 - Subscriber+ Arbitrary File Deletion
Description: The plugin does not properly validate files to be deleted in the qcld_openai_delete_training_file function, allowing users with roles as low as subscriber to delete arbitrary files on the server. This vulnerability is the same as CVE-2023-5212 but was accidentally reintroduced in version...
CVE-2023-5212
The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take ove...
CVE-2023-5212
CVE-2023-5212 refers to the AI ChatBot for WordPress, where an authenticated subscriber+ can misuse the qcld_openai_delete_training_file path to perform an arbitrary file deletion on the server. Affected versions are