53 matches found
PT-2025-22067 · WordPress · Quantumcloud Wpbot Pro
Name of the Vulnerable Software and Affected Versions: QuantumCloud WPBot Pro Wordpress Chatbot versions n/a through 12.7.0 Description: The issue is related to the deserialization of untrusted data, allowing object injection in the QuantumCloud WPBot Pro Wordpress Chatbot. This can be exploited...
CVE-2025-3812
The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the qcldopenaideletetrainingfile function in all versions up to, and including, 13.6.2. This makes it possible for authenticated attackers, with Subscriber-lev...
CVE-2025-3812 WPBot Pro Wordpress Chatbot <= 13.6.2 - Authenticated (Subscriber+) Arbitrary File Deletion
The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the qcldopenaideletetrainingfile function in all versions up to, and including, 13.6.2. This makes it possible for authenticated attackers, with Subscriber-lev...
PT-2025-21775 · WordPress · Wpbot Pro
Name of the Vulnerable Software and Affected Versions: WPBot Pro Wordpress Chatbot plugin versions up to, and including, 13.6.2 Description: The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the qcld openai...
WordPress plugin WPBot Pro Wordpress Chatbot 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress WPBot Pro Wordpress Chatbot plugin <= 13.6.2 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WPBot Pro Wordpress Chatbot versions = 13.6.2...
CVE-2025-26932 WordPress WPBot plugin <= 6.3.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in QuantumCloud ChatBot chatbot allows PHP Local File Inclusion.This issue affects ChatBot: from n/a through = 6.3.5...
CVE-2025-26932 WordPress WPBot plugin <= 6.3.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in QuantumCloud ChatBot chatbot allows PHP Local File Inclusion.This issue affects ChatBot: from n/a through = 6.3.5...
WordPress WPBot plugin <= 6.3.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Peter Thaleikis Patchstack Alliance in WordPress Plugin ChatBot versions = 6.3.5...
CVE-2024-13091
The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcldwpcfbfileupload' function in all versions up to, and including, 13.5.4. This makes it possible for unauthenticated attackers to upload arbitrary files on th...
CVE-2024-12879 WPBot Pro Wordpress Chatbot <= 13.5.5 - Missing Authorization to Authenticated (Subscriber+) Simple Text Response Creation
The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'qcwplatestupdatecheckpro' function in all versions up to, and including, 13.5.5. This makes it possible for authenticated attackers, with...
CVE-2024-12879 WPBot Pro Wordpress Chatbot <= 13.5.5 - Missing Authorization to Authenticated (Subscriber+) Simple Text Response Creation
The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'qcwplatestupdatecheckpro' function in all versions up to, and including, 13.5.5. This makes it possible for authenticated attackers, with...
CVE-2024-12879
CVE-2024-12879 concerns WPBot Pro WordPress Chatbot plugin (versions up to and including 13.5.5). The connected sources confirm a missing capability check in the qc_wp_latest_update_check_pro function that permits authenticated users with Subscriber-level access and above to create Simple Text Re...
CVE-2024-13091
The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcldwpcfbfileupload' function in all versions up to, and including, 13.5.4. This makes it possible for unauthenticated attackers to upload arbitrary files on th...
PT-2025-1975 · WordPress · Wpbot Pro
Name of the Vulnerable Software and Affected Versions: WPBot Pro Wordpress Chatbot plugin for WordPress versions up to, and including, 13.5.5 Description: The issue allows authenticated attackers with Subscriber-level access and above to create Simple Text Responses to chat queries due to a missi...
CVE-2024-13091 WPBot Pro Wordpress Chatbot <= 13.5.4 - Unauthenticated Arbitrary File Upload
The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcldwpcfbfileupload' function in all versions up to, and including, 13.5.4. This makes it possible for unauthenticated attackers to upload arbitrary files on th...
CVE-2024-13091 WPBot Pro Wordpress Chatbot <= 13.5.4 - Unauthenticated Arbitrary File Upload
The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcldwpcfbfileupload' function in all versions up to, and including, 13.5.4. This makes it possible for unauthenticated attackers to upload arbitrary files on th...
CVE-2024-13091
CVE-2024-13091 affects the WPBot Pro WordPress plugin (versions ≤ 13.5.4). The vulnerability stems from missing file-type validation in the qcld_wpcfb_file_upload function, allowing unauthenticated attackers to upload arbitrary files to the server. This could enable remote code execution, especia...
WordPress WPBot Pro Wordpress Chatbot plugin <= 13.5.5 - Missing Authorization to Authenticated (Subscriber+) Simple Text Response Creation vulnerability
Missing Authorization to Authenticated Subscriber+ Simple Text Response Creation vulnerability discovered by BrokenAC ignore in WordPress Plugin WPBot Pro Wordpress Chatbot versions = 13.5.5...
WordPress WPBot Pro Wordpress Chatbot plugin <= 13.5.4 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by István Márton in WordPress Plugin WPBot Pro Wordpress Chatbot versions = 13.5.4...