Vulnerabilities > Quantumcloud > AI Chatbot

DATE CVE VULNERABILITY TITLE RISK
2024-07-17 CVE-2024-6669 Cross-site Scripting vulnerability in Quantumcloud AI Chatbot
The AI ChatBot for WordPress – WPBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.7 due to insufficient input sanitization and output escaping.
network
low complexity
quantumcloud CWE-79
4.8
2024-01-24 CVE-2024-22309 Deserialization of Untrusted Data vulnerability in Quantumcloud AI Chatbot
Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.This issue affects ChatBot with AI: from n/a through 5.1.0.
network
low complexity
quantumcloud CWE-502
critical
9.8
2023-12-19 CVE-2023-48741 SQL Injection vulnerability in Quantumcloud AI Chatbot
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud AI ChatBot.This issue affects AI ChatBot: from n/a through 4.7.8.
network
low complexity
quantumcloud CWE-89
7.2
2023-11-02 CVE-2023-5606 Cross-site Scripting vulnerability in Quantumcloud AI Chatbot
The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping.
network
low complexity
quantumcloud CWE-79
4.8
2023-10-20 CVE-2023-5533 Missing Authorization vulnerability in Quantumcloud AI Chatbot
The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2.
network
low complexity
quantumcloud CWE-862
critical
9.8
2023-10-20 CVE-2023-5534 Cross-Site Request Forgery (CSRF) vulnerability in Quantumcloud AI Chatbot
The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2.
network
low complexity
quantumcloud CWE-352
5.4
2023-10-19 CVE-2023-5204 SQL Injection vulnerability in Quantumcloud AI Chatbot
The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
quantumcloud CWE-89
7.5
2023-10-19 CVE-2023-5212 Path Traversal vulnerability in Quantumcloud AI Chatbot
The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2.
network
low complexity
quantumcloud CWE-22
8.1
2023-10-19 CVE-2023-5241 Path Traversal vulnerability in Quantumcloud AI Chatbot
The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function.
network
low complexity
quantumcloud CWE-22
8.1
2023-10-19 CVE-2023-5254 Unspecified vulnerability in Quantumcloud AI Chatbot
The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user function.
network
low complexity
quantumcloud
5.3