Vulnerabilities > Quantumcloud > AI Chatbot > 4.9.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-24 | CVE-2024-22309 | Deserialization of Untrusted Data vulnerability in Quantumcloud AI Chatbot Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.This issue affects ChatBot with AI: from n/a through 5.1.0. | 9.8 |
| 2023-11-02 | CVE-2023-5606 | Cross-site Scripting vulnerability in Quantumcloud AI Chatbot The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. | 4.8 |
| 2023-10-20 | CVE-2023-5533 | Missing Authorization vulnerability in Quantumcloud AI Chatbot The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. | 9.8 |
| 2023-10-20 | CVE-2023-5534 | Cross-Site Request Forgery (CSRF) vulnerability in Quantumcloud AI Chatbot The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. | 5.4 |
| 2023-10-19 | CVE-2023-5212 | Unspecified vulnerability in Quantumcloud AI Chatbot The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. | 8.1 |
| 2023-10-19 | CVE-2023-5241 | Unspecified vulnerability in Quantumcloud AI Chatbot The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. | 8.1 |