Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
quantumcloud vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2024-22309
Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.This issue affects ChatBot with AI: from n/a up to and including 5.1.0.
Quantumcloud Ai Chatbot
4.8
CVSSv3
CVE-2023-4254
The AI ChatBot WordPress plugin prior to 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite s...
Quantumcloud Ai Chatbot
8.8
CVSSv3
CVE-2023-44993
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.7.8 versions.
Quantumcloud Ai Chatbot
4.8
CVSSv3
CVE-2023-3175
The AI ChatBot WordPress plugin prior to 4.6.1 does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Quantumcloud Ai Chatbot
4.8
CVSSv3
CVE-2023-2811
The AI ChatBot WordPress plugin prior to 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot
Quantumcloud Ai Chatbot
4.8
CVSSv3
CVE-2023-2742
The AI ChatBot WordPress plugin prior to 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Quantumcloud Ai Chatbot
6.1
CVSSv3
CVE-2023-1011
The AI ChatBot WordPress plugin prior to 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing malicious users to make a logged in admin set XSS payloads in them.
Quantumcloud Ai Chatbot
4.8
CVSSv3
CVE-2022-47613
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud AI ChatBot plugin <= 4.3.0 versions.
Quantumcloud Ai Chatbot
9.8
CVSSv3
CVE-2022-0747
The Infographic Maker WordPress plugin prior to 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection
Quantumcloud Infographic Maker
8.8
CVSSv3
CVE-2021-24506
The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin prior to 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users with a role as low as Contributor to perform SQL injecti...
Quantumcloud Slider Hero
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »