Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
quantumcloud chatbot vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-5241
The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level malicious users to append "<?php" to any existing file on th...
Quantumcloud Ai Chatbot
Quantumcloud Ai Chatbot 4.9.2
NA
CVE-2023-5534
The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated malicious users to in...
Quantumcloud Ai Chatbot 4.9.2
Quantumcloud Ai Chatbot
NA
CVE-2023-5212
The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it pos...
Quantumcloud Ai Chatbot
Quantumcloud Ai Chatbot 4.9.2
NA
CVE-2023-5533
The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated malicious users to perform so...
Quantumcloud Ai Chatbot 4.9.2
Quantumcloud Ai Chatbot
NA
CVE-2023-24415
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.2.8 versions.
Quantumcloud Chatbot
NA
CVE-2023-1649
The AI ChatBot WordPress plugin prior to 4.5.1 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisi...
Quantumcloud Ai Chatbot
NA
CVE-2023-1651
The AI ChatBot WordPress plugin prior to 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this co...
Quantumcloud Ai Chatbot
NA
CVE-2023-48741
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud AI ChatBot.This issue affects AI ChatBot: from n/a up to and including 4.7.8.
Quantumcloud Ai Chatbot
NA
CVE-2022-47613
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud AI ChatBot plugin <= 4.3.0 versions.
Quantumcloud Ai Chatbot
NA
CVE-2023-2811
The AI ChatBot WordPress plugin prior to 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot
Quantumcloud Ai Chatbot
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
malicious code
XML injection
CVE-2024-28020
CVE-2024-35252
CVE-2024-5833
CVE-2024-30066
injection
CVE-2024-23282
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »