Lucene search
K

53 matches found

Positive Technologies
Positive Technologies
added 2025/01/21 12:0 a.m.4 views

PT-2025-1990 · WordPress · Conversational Form Builder Pro +2

Name of the Vulnerable Software and Affected Versions: WPBot Pro Wordpress Chatbot plugin for WordPress versions up to, and including, 13.5.4 Description: The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the qcld...

9.8CVSS8.3AI score0.00815EPSS
Exploits0References9
NVD
NVD
added 2025/01/09 4:16 p.m.10 views

CVE-2025-22813

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud Conversational Forms for ChatBot conversational-forms allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through = 1.4.2...

6.5CVSS0.00221EPSS
Exploits0References1
OSV
OSV
added 2024/07/17 7:15 a.m.5 views

CVE-2024-6669

The AI ChatBot for WordPress – WPBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS5.9AI score0.00328EPSS
Exploits0References5
CVE
CVE
added 2024/07/17 6:45 a.m.55 views

CVE-2024-6669

The CVE CVE-2024-6669 affects the WPBot WordPress plugin (AI ChatBot for WordPress) up to version 5.5.7, enabling Stored Cross-Site Scripting via admin settings and requiring administrator+ privileges. Impact is limited to multisite setups or where unfiltered_html is disabled; a fix exists in ver...

5.5CVSS5.1AI score0.00328EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2024/07/17 6:45 a.m.33 views

CVE-2024-6669 AI ChatBot for WordPress – WPBot <= 5.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

The AI ChatBot for WordPress – WPBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.5CVSS0.00328EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/07/17 2:19 a.m.4 views

WordPress AI ChatBot for WordPress – WPBot plugin <= 5.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Artem Polynko Artem Polynko in WordPress Plugin ChatBot versions = 5.5.7...

5.5CVSS5.7AI score0.00328EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/17 12:0 a.m.4 views

PT-2024-37788 · WordPress · Wpbot

Name of the Vulnerable Software and Affected Versions: The AI ChatBot for WordPress – WPBot plugin for WordPress versions up to, and including, 5.5.7 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. Thi...

5.5CVSS6AI score0.00328EPSS
Exploits0References10
GithubExploit
GithubExploit
added 2024/02/21 5:14 p.m.74 views

Exploit for SQL Injection in Quantumcloud Wpbot

CVE-2023-5204 AI ChatBot = 4.8.9 - Unauthenticated SQL Inj...

9.8CVSS8AI score0.06888EPSS
Exploits4
wpexploit
wpexploit
added 2023/08/08 12:0 a.m.185 views

Chatbot < 4.7.8 - Admin+ Stored XSS in Language Settings

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. In the plugin settings, select "WPB...

4.8CVSS4.8AI score0.00408EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/08 12:0 a.m.155 views

Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Navigate to "WPBot Lite - Setting -...

4.8CVSS5.6AI score0.00416EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.155 views

AI ChatBot < 4.6.1 - Admin+ Stored Cross-Site Scripting

The plugin does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Visit WPBot Lite Settings Language Center. 2. Within any of the tabs "General", "FAQ", or "ChatBot...

4.8CVSS5.9AI score0.00511EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/06/19 12:0 a.m.17 views

AI ChatBot < 4.6.1 - Admin+ Stored Cross-Site Scripting

The plugin does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC 1. Visit WPBot Lite Settings Language Center. 2. Within any of the tabs "General", "FAQ", or "ChatBot...

4.8CVSS5.3AI score0.00511EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/05/22 12:0 a.m.141 views

AI ChatBot < 4.5.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Go to plugin settings under "WPBot Lite Simple Text Responses" 2. Enter the payload Test Query"...

4.8CVSS5.7AI score0.0047EPSS
Exploits2
Rows per page
Query Builder