Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
quantumcloud ai chatbot vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-5533
The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated malicious users to perform so...
Quantumcloud Ai Chatbot 4.9.2
Quantumcloud Ai Chatbot
5.4
CVSSv3
CVE-2023-5534
The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated malicious users to in...
Quantumcloud Ai Chatbot 4.9.2
Quantumcloud Ai Chatbot
8.1
CVSSv3
CVE-2023-5212
The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it pos...
Quantumcloud Ai Chatbot
Quantumcloud Ai Chatbot 4.9.2
8.1
CVSSv3
CVE-2023-5241
The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level malicious users to append "<?php" to any existing file on th...
Quantumcloud Ai Chatbot
Quantumcloud Ai Chatbot 4.9.2
4.8
CVSSv3
CVE-2023-5606
The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 up to and including 4.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissi...
Quantumcloud Ai Chatbot
4.8
CVSSv3
CVE-2023-1649
The AI ChatBot WordPress plugin prior to 4.5.1 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisi...
Quantumcloud Ai Chatbot
9.8
CVSSv3
CVE-2023-1650
The AI ChatBot WordPress plugin prior to 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog
Quantumcloud Ai Chatbot
5.4
CVSSv3
CVE-2023-1651
The AI ChatBot WordPress plugin prior to 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this co...
Quantumcloud Ai Chatbot
6.1
CVSSv3
CVE-2023-1660
The AI ChatBot WordPress plugin prior to 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard
Quantumcloud Ai Chatbot
4.8
CVSSv3
CVE-2023-4253
The AI ChatBot WordPress plugin prior to 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite s...
Quantumcloud Ai Chatbot
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »