Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
quantumcloud vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2022-47613
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud AI ChatBot plugin <= 4.3.0 versions.
Quantumcloud Ai Chatbot
5.4
CVSSv3
CVE-2023-1651
The AI ChatBot WordPress plugin prior to 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this co...
Quantumcloud Ai Chatbot
6.1
CVSSv3
CVE-2023-1660
The AI ChatBot WordPress plugin prior to 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard
Quantumcloud Ai Chatbot
5.3
CVSSv3
CVE-2023-5254
The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user function. This can allow unauthenticated malicious users to extract sensitive data including confirmation as to whether a us...
Quantumcloud Ai Chatbot
4.8
CVSSv3
CVE-2023-2742
The AI ChatBot WordPress plugin prior to 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Quantumcloud Ai Chatbot
4.8
CVSSv3
CVE-2023-5606
The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 up to and including 4.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissi...
Quantumcloud Ai Chatbot
6.1
CVSSv3
CVE-2019-13463
An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin prior to 7.3.5 for WordPress allows remote malicious users to inject arbitrary web script or HTML, because esc_html is not called for the "echo get_the_title()" or "echo $term...
Quantumcloud Simple Link Directory
9.8
CVSSv3
CVE-2022-0760
The Simple Link Directory WordPress plugin prior to 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Inject...
Quantumcloud Simple Link Directory
4.8
CVSSv3
CVE-2023-23981
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud Conversational Forms for ChatBot plugin <= 1.1.6 versions.
Quantumcloud Conversational Forms For Chatbot
4.3
CVSSv3
CVE-2021-24725
The Comment Link Remove and Other Comment Tools WordPress plugin prior to 2.1.6 does not have CSRF check in its 'Delete comments easily', which could allow malicious users to make logged in admin delete arbitrary comments
Quantumcloud Comment Link Remove And Other Comment Tools
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »