53 matches found
PT-2025-1990 · WordPress · Conversational Form Builder Pro +2
Name of the Vulnerable Software and Affected Versions: WPBot Pro Wordpress Chatbot plugin for WordPress versions up to, and including, 13.5.4 Description: The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the qcld...
CVE-2025-22813
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud Conversational Forms for ChatBot conversational-forms allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through = 1.4.2...
CVE-2024-6669
The AI ChatBot for WordPress – WPBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-6669
The CVE CVE-2024-6669 affects the WPBot WordPress plugin (AI ChatBot for WordPress) up to version 5.5.7, enabling Stored Cross-Site Scripting via admin settings and requiring administrator+ privileges. Impact is limited to multisite setups or where unfiltered_html is disabled; a fix exists in ver...
CVE-2024-6669 AI ChatBot for WordPress – WPBot <= 5.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
The AI ChatBot for WordPress – WPBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress AI ChatBot for WordPress – WPBot plugin <= 5.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Artem Polynko Artem Polynko in WordPress Plugin ChatBot versions = 5.5.7...
PT-2024-37788 · WordPress · Wpbot
Name of the Vulnerable Software and Affected Versions: The AI ChatBot for WordPress – WPBot plugin for WordPress versions up to, and including, 5.5.7 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. Thi...
Exploit for SQL Injection in Quantumcloud Wpbot
CVE-2023-5204 AI ChatBot = 4.8.9 - Unauthenticated SQL Inj...
Chatbot < 4.7.8 - Admin+ Stored XSS in Language Settings
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. In the plugin settings, select "WPB...
Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Navigate to "WPBot Lite - Setting -...
AI ChatBot < 4.6.1 - Admin+ Stored Cross-Site Scripting
The plugin does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Visit WPBot Lite Settings Language Center. 2. Within any of the tabs "General", "FAQ", or "ChatBot...
AI ChatBot < 4.6.1 - Admin+ Stored Cross-Site Scripting
The plugin does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC 1. Visit WPBot Lite Settings Language Center. 2. Within any of the tabs "General", "FAQ", or "ChatBot...
AI ChatBot < 4.5.5 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Go to plugin settings under "WPBot Lite Simple Text Responses" 2. Enter the payload Test Query"...