Vulnerabilities > Quantumcloud > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-19 | CVE-2023-48741 | SQL Injection vulnerability in Quantumcloud AI Chatbot Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud AI ChatBot.This issue affects AI ChatBot: from n/a through 4.7.8. | 7.2 |
| 2023-10-19 | CVE-2023-5204 | Unspecified vulnerability in Quantumcloud AI Chatbot The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2023-10-19 | CVE-2023-5212 | Unspecified vulnerability in Quantumcloud AI Chatbot The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. | 8.1 |
| 2023-10-19 | CVE-2023-5241 | Unspecified vulnerability in Quantumcloud AI Chatbot The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. | 8.1 |
| 2023-10-09 | CVE-2023-44993 | Cross-Site Request Forgery (CSRF) vulnerability in Quantumcloud AI Chatbot Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.7.8 versions. | 8.8 |
| 2023-02-23 | CVE-2023-24415 | Cross-Site Request Forgery (CSRF) vulnerability in Quantumcloud Chatbot Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.2.8 versions. | 8.8 |
| 2022-03-21 | CVE-2022-0747 | SQL Injection vulnerability in Quantumcloud Infographic Maker The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection | 7.5 |
| 2022-03-21 | CVE-2022-0760 | SQL Injection vulnerability in Quantumcloud Simple Link Directory The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection | 7.5 |