27 matches found
CVE-2023-5606
The CVE-2023-5606 issue affects the WordPress Plugin ChatBot, specifically versions 4.8.6 through 4.9.6. The root cause is insufficient input sanitization and output escaping in the FAQ Builder, enabling Stored Cross-Site Scripting. Impact is limited to sites using multisite installations or with...
CVE-2023-5241
CVE-2023-5241 affects the WordPress AI ChatBot plugin. It is a Directory Traversal via the function qcld_openai_upload_pagetraining_file, enabling subscriber-level attackers to append PHP code to existing server files (e.g., wp-config.php), with potential DoS. Affected versions are up to 4.8.9 a...
CVE-2023-4253
The CVE-2023-4253 entry concerns the WordPress plugin AI ChatBot (up to version 4.7.8). The issue is improper sanitisation/escaping of certain settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Public details in connected Red Hat and NVD ...
CVE-2023-2811
CVE-2023-2811 affects the AI ChatBot WordPress plugin (pre-4.5.6). The issue is due to insufficient sanitisation/escaping of numerous settings, allowing stored cross-site scripting that can impact all admins when configuring the chatbot and all users of the chatbot. The primary root cause is impr...
CVE-2023-48741
CVE-2023-48741: SQL Injection in the WordPress AI ChatBot plugin (ChatBot) affecting versions up to 4.7.8. Root cause: improper neutralization of input in the SQL query (orderby parameter) leading to potential data exposure. Impact per sources includes high confidentiality/integrity/availability...
CVE-2023-1650
The CVE-2023-1650 entry concerns the AI ChatBot WordPress plugin (before 4.4.7). The vulnerability arises from unserializing user input stored in cookies via an AJAX action accessible to unauthenticated users, enabling PHP Object Injection if a compatible gadget is present. Affected software: Wor...
CVE-2023-5204
CVE-2023-5204 affects the WordPress AI ChatBot plugin by QuantumCloud. The vulnerability is an unauthenticated SQL Injection via the POST parameter strid used by the ajax handler qc_wpbo_search_response. The underlying issue is insufficient escaping and lack of prepared statements for the SQL que...
CVE-2023-44993
The CVE-2023-44993 entry describes a Cross-Site Request Forgery (CSRF) vulnerability in the QuantumCloud AI ChatBot WordPress plugin, affecting versions ≤ 4.7.8. The root cause is CSRF in the plugin’s request handling, with PatchStack noting the fix shipped in version 4.7.9 and indicating the iss...
CVE-2023-5533
CVE-2023-5533 affects the WordPress AI ChatBot plugin. The vulnerability arises from missing capability checks on multiple AJAX actions, allowing unauthenticated users to invoke actions intended for higher-privileged users. Affected versions are up to and including 4.8.9 and also 4.9.2. Wordfence...
CVE-2023-5212
CVE-2023-5212 refers to the AI ChatBot for WordPress, where an authenticated subscriber+ can misuse the qcld_openai_delete_training_file path to perform an arbitrary file deletion on the server. Affected versions are
CVE-2023-1011
CVE-2023-1011 affects the AI ChatBot WordPress plugin prior to 4.4.5. The issue is a stored XSS vector caused by insufficient escaping of settings output in the dashboard and a missing/weak CSRF protection, enabling a logged‑in admin to inject XSS payloads via the plugin settings. Evidence in con...
CVE-2023-1649
CVE-2023-1649 affects the AI ChatBot WordPress plugin prior to version 4.5.1. The flaw arises from insufficient sanitization/escaping of numerous settings, enabling Stored XSS by high-privilege users (e.g., admins), including in multisite configurations where unfiltered_html is disallowed. The vu...
CVE-2023-5534
Summary: CVE-2023-5534 concerns the AI ChatBot WordPress plugin with CSRF due to missing/incorrect nonce validation in certain functions, affecting versions ≤ 4.8.9 and 4.9.2. Unauthenticated attackers can exploit forged requests to trigger actions when a site admin is enticed to click links. Imp...
CVE-2024-0451
CVE-2024-0451 affects the WordPress AI ChatBot for WordPress (WPBot) plugin. The vulnerability is due to a missing capability check in openai_file_list_callback across versions up to and including 5.3.4, enabling authenticated users with subscriber-level access and above to enumerate files in a l...
CVE-2024-0453
CVE-2024-0453 describes a vulnerability in the WordPress plugin AI ChatBot for WordPress (WPBot) where a missing capability check in openai_file_delete_callback allows authenticated users with subscriber-level access and above to delete files from a linked OpenAI account. The issue affects all ve...
CVE-2023-2742
CVE-2023-2742 affects the AI ChatBot WordPress plugin (pre-4.5.5). The vulnerability is a stored XSS due to unsanitized/uncleaned settings in the admin UI, allowing an admin (high-privilege user) to inject scripts even when unfiltered_html is disallowed. Root cause: settings are not sanitized/esc...
CVE-2023-5254
CVE-2023-5254 affects the AI ChatBot WordPress plugin. The vulnerability is an unauthenticated Sensitive Information Exposure via the qcld_wb_chatbot_check_user function, impacting versions up to and including 4.8.9. An attacker can confirm whether a username exists and view order information for...
CVE-2024-0452
The CVE-2024-0452 entry for the AI ChatBot for WordPress (WPBot) is confirmed with concrete details: the vulnerability is a missing capability check in openai_file_upload_callback across all versions up to 5.3.4, allowing authenticated users with subscriber-level access or higher to upload files ...
CVE-2024-6669
CVE-2024-6669 affects the WPBot WordPress plugin (AI ChatBot for WordPress) up to version 5.5.7, enabling Stored Cross-Site Scripting via admin settings and requiring administrator+ privileges. Impact is limited to multisite setups or where unfiltered_html is disabled; a fix exists in ver...
CVE-2023-1651
The CVE-2023-1651 entry concerns the WordPress plugin AI ChatBot prior to version 4.4.9. The vulnerability arises from missing authorization and CSRF protection in the AJAX action used to update OpenAI settings, allowing any authenticated user (e.g., subscribers) to modify settings. Additionally,...
CVE-2023-1660
The CVE-2023-1660 entry concerns the AI ChatBot WordPress plugin prior to version 4.4.9, which lacks authorization checks and CSRF protection in a function hooked to init. This allows unauthenticated users to modify certain settings, and the lack of proper escaping when these settings are output ...
CVE-2022-47613
CVE-2022-47613 affects the WordPress AI ChatBot/ChatBot plugin up to version 4.3.0. The vulnerability is a stored XSS that requires admin+ privileges to exploit. Multiple connected sources (Patchstack and WP vuln entries) indicate the issue arises from insufficient input sanitization in the chatb...
CVE-2023-4254
The CVE-2023-4254 entry concerns the AI ChatBot WordPress plugin prior to version 4.7.8, which fails to sanitise/escape certain settings, enabling Stored XSS by high-privilege users (e.g., Admin) even when unfiltered_html is disallowed (such as in multisite). Public details in connected documents...
CVE-2023-3175
The CVE-2023-3175 entry is supported by multiple connected documents describing a stored Cross-Site Scripting vulnerability in the AI ChatBot WordPress plugin prior to version 4.6.1. The issue arises because certain settings are not adequately escaped, allowing high-privilege users (e.g., admins)...
CVE-2024-22309
CVE-2024-22309: WordPress ChatBot with AI plugin vulnerable up to 5.1.0 due to deserialization of untrusted data (PHP Object Injection). Exploitation requires no authentication. Connected sources indicate the issue was fixed with patches in newer releases; ensure upgrade to a non-vulnerable vers...
CVE-2025-0329
The CVE-2025-0329 entry concerns the AI ChatBot for WordPress (WPBot) plugin, affecting versions prior to 6.2.4. The root cause is insufficient sanitization and escaping of certain settings, which could enable stored cross-site scripting (XSS) by high-privilege users (e.g., admins), ...
CVE-2025-9111
The CVE-2025-9111 entry applies to the WordPress plugin “AI ChatBot for WordPress” (WPBOT) versions before 7.1.0. The issue is a failure to sufficiently sanitise and escape some settings, which could allow stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed ...