The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level malicious users to append "<?php" to any existing file on the server resulting in potential DoS when appended to critical files such as wp-config.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
quantumcloud ai chatbot |
||
quantumcloud ai chatbot 4.9.2 |