Vulnerabilities > Quantumcloud > Wpbot > 5.2.3

DATE CVE VULNERABILITY TITLE RISK
2024-07-17 CVE-2024-6669 Cross-site Scripting vulnerability in Quantumcloud Wpbot
The AI ChatBot for WordPress – WPBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.7 due to insufficient input sanitization and output escaping.
network
low complexity
quantumcloud CWE-79
4.8
4.8
2024-05-22 CVE-2024-0451 Missing Authorization vulnerability in Quantumcloud Wpbot
The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in all versions up to, and including, 5.3.4.
network
low complexity
quantumcloud CWE-862
5.0
5.0
2024-05-22 CVE-2024-0452 Missing Authorization vulnerability in Quantumcloud Wpbot
The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4.
network
low complexity
quantumcloud CWE-862
7.7
7.7
2024-05-22 CVE-2024-0453 Missing Authorization vulnerability in Quantumcloud Wpbot
The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4.
network
low complexity
quantumcloud CWE-862
7.7
7.7