Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
quantumcloud vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2023-5212
The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it pos...
Quantumcloud Ai Chatbot
Quantumcloud Ai Chatbot 4.9.2
8.1
CVSSv3
CVE-2023-5241
The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level malicious users to append "<?php" to any existing file on th...
Quantumcloud Ai Chatbot
Quantumcloud Ai Chatbot 4.9.2
9.8
CVSSv3
CVE-2023-5533
The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated malicious users to perform so...
Quantumcloud Ai Chatbot 4.9.2
Quantumcloud Ai Chatbot
5.4
CVSSv3
CVE-2023-5534
The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated malicious users to in...
Quantumcloud Ai Chatbot 4.9.2
Quantumcloud Ai Chatbot
8.8
CVSSv3
CVE-2023-24415
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.2.8 versions.
Quantumcloud Chatbot
8.8
CVSSv3
CVE-2021-24506
The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin prior to 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users with a role as low as Contributor to perform SQL injecti...
Quantumcloud Slider Hero
5.3
CVSSv3
CVE-2023-5254
The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user function. This can allow unauthenticated malicious users to extract sensitive data including confirmation as to whether a us...
Quantumcloud Ai Chatbot
7.5
CVSSv3
CVE-2023-5204
The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for un...
Quantumcloud Ai Chatbot
1 Github repository
4.8
CVSSv3
CVE-2023-2811
The AI ChatBot WordPress plugin prior to 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot
Quantumcloud Ai Chatbot
9.8
CVSSv3
CVE-2022-0747
The Infographic Maker WordPress plugin prior to 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection
Quantumcloud Infographic Maker
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »