Vulnerabilities > Quantumcloud > AI Chatbot > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-19 CVE-2023-48741 SQL Injection vulnerability in Quantumcloud AI Chatbot
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud AI ChatBot.This issue affects AI ChatBot: from n/a through 4.7.8.
network
low complexity
quantumcloud CWE-89
7.2
2023-10-19 CVE-2023-5204 SQL Injection vulnerability in Quantumcloud AI Chatbot
The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
quantumcloud CWE-89
7.5
2023-10-19 CVE-2023-5212 Path Traversal vulnerability in Quantumcloud AI Chatbot
The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2.
network
low complexity
quantumcloud CWE-22
8.1
2023-10-19 CVE-2023-5241 Path Traversal vulnerability in Quantumcloud AI Chatbot
The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function.
network
low complexity
quantumcloud CWE-22
8.1
2023-10-09 CVE-2023-44993 Cross-Site Request Forgery (CSRF) vulnerability in Quantumcloud AI Chatbot
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.7.8 versions.
network
low complexity
quantumcloud CWE-352
8.8