Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
quantumcloud vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-1651
The AI ChatBot WordPress plugin prior to 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this co...
Quantumcloud Ai Chatbot
6.1
CVSSv3
CVE-2023-1660
The AI ChatBot WordPress plugin prior to 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard
Quantumcloud Ai Chatbot
9.8
CVSSv3
CVE-2022-0747
The Infographic Maker WordPress plugin prior to 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection
Quantumcloud Infographic Maker
7.5
CVSSv3
CVE-2023-5204
The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for un...
Quantumcloud Ai Chatbot
1 Github repository
4.8
CVSSv3
CVE-2023-4253
The AI ChatBot WordPress plugin prior to 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite s...
Quantumcloud Ai Chatbot
4.8
CVSSv3
CVE-2023-4254
The AI ChatBot WordPress plugin prior to 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite s...
Quantumcloud Ai Chatbot
4.8
CVSSv3
CVE-2023-3175
The AI ChatBot WordPress plugin prior to 4.6.1 does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Quantumcloud Ai Chatbot
9.8
CVSSv3
CVE-2024-22309
Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.This issue affects ChatBot with AI: from n/a up to and including 5.1.0.
Quantumcloud Ai Chatbot
4.8
CVSSv3
CVE-2023-2811
The AI ChatBot WordPress plugin prior to 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot
Quantumcloud Ai Chatbot
7.2
CVSSv3
CVE-2023-48741
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud AI ChatBot.This issue affects AI ChatBot: from n/a up to and including 4.7.8.
Quantumcloud Ai Chatbot
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »