6.2 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
52.8%
Description The plugin does not properly validate files to be deleted in the qcld_openai_delete_training_file function, allowing users with roles as low as subscriber to delete arbitrary files on the server.
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/chatbot/ai-chatbot-489-authenticated-subscriber-arbitrary-file-deletion-via-qcld-openai-delete-training-file