Vulnerabilities > Quantumcloud > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-05-22 | CVE-2024-0452 | Missing Authorization vulnerability in Quantumcloud Wpbot | The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4. | 7.7 |
2024-05-22 | CVE-2024-0453 | Missing Authorization vulnerability in Quantumcloud Wpbot | The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4. | 7.7 |
2023-12-19 | CVE-2023-48741 | SQL Injection vulnerability in Quantumcloud Wpbot | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud AI ChatBot. This issue affects AI ChatBot: from n/a through 4.7.8. | 7.2 |
2023-10-19 | CVE-2023-5204 | SQL Injection vulnerability in Quantumcloud Wpbot | The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
2023-10-19 | CVE-2023-5212 | Path Traversal vulnerability in Quantumcloud Wpbot | The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. | 8.1 |
2023-10-19 | CVE-2023-5241 | Path Traversal vulnerability in Quantumcloud Wpbot | The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. | 8.1 |
2023-10-09 | CVE-2023-44993 | Cross-Site Request Forgery (CSRF) vulnerability in Quantumcloud Wpbot | Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.7.8 versions. | 8.8 |
2023-02-23 | CVE-2023-24415 | Cross-Site Request Forgery (CSRF) vulnerability in Quantumcloud Chatbot | Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.2.8 versions. | 8.8 |
2021-08-23 | CVE-2021-24506 | Unspecified vulnerability in Quantumcloud Slider Hero | The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users with a role as low as Contributor to perform SQL injection. | 8.8 |