Lucene search

WpvulndbWPVDB-ID:B8341A4D-4473-41F6-9819-D06E0F78DA41

HistoryNov 23, 2023 - 12:00 a.m.

AI ChatBot < 4.9.1 and 4.9.2 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Write via qcld_openai_upload_pagetraining_file

2023-11-2300:00:00

wpscan.com

ai chatbot

wordpress

directory traversal

file write

vulnerability

version 4.9.2

qcld_openai_upload_pagetraining_file

subscriber-level attackers

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.9%

JSON

Description The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append "

CPENameOperatorVersion
eq4.9.1

CPE	Name	Operator	Version
		eq	4.9.1

References

www.wordfence.com/threat-intel/vulnerabilities/id/25199281-5286-4d75-8d27-26ce215e0993