Vulnerabilities > Quantumcloud > AI Chatbot > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-19 | CVE-2023-48741 | SQL Injection vulnerability in Quantumcloud AI Chatbot Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud AI ChatBot.This issue affects AI ChatBot: from n/a through 4.7.8. | 7.2 |
| 2023-10-19 | CVE-2023-5204 | Unspecified vulnerability in Quantumcloud AI Chatbot The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2023-10-19 | CVE-2023-5212 | Unspecified vulnerability in Quantumcloud AI Chatbot The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. | 8.1 |
| 2023-10-19 | CVE-2023-5241 | Unspecified vulnerability in Quantumcloud AI Chatbot The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. | 8.1 |
| 2023-10-09 | CVE-2023-44993 | Cross-Site Request Forgery (CSRF) vulnerability in Quantumcloud AI Chatbot Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.7.8 versions. | 8.8 |