Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
quantumcloud vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-5533
The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated malicious users to perform so...
Quantumcloud Ai Chatbot 4.9.2
Quantumcloud Ai Chatbot
NA
CVE-2023-5534
The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated malicious users to in...
Quantumcloud Ai Chatbot 4.9.2
Quantumcloud Ai Chatbot
NA
CVE-2023-5212
The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it pos...
Quantumcloud Ai Chatbot
Quantumcloud Ai Chatbot 4.9.2
NA
CVE-2023-5241
The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level malicious users to append "<?php" to any existing file on th...
Quantumcloud Ai Chatbot
Quantumcloud Ai Chatbot 4.9.2
NA
CVE-2023-24415
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.2.8 versions.
Quantumcloud Chatbot
7.5
CVSSv2
CVE-2022-0747
The Infographic Maker WordPress plugin prior to 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection
Quantumcloud Infographic Maker
NA
CVE-2023-5204
The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for un...
Quantumcloud Ai Chatbot
1 Github repository
NA
CVE-2023-4253
The AI ChatBot WordPress plugin prior to 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite s...
Quantumcloud Ai Chatbot
NA
CVE-2023-2742
The AI ChatBot WordPress plugin prior to 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Quantumcloud Ai Chatbot
NA
CVE-2023-1011
The AI ChatBot WordPress plugin prior to 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing malicious users to make a logged in admin set XSS payloads in them.
Quantumcloud Ai Chatbot
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »