Filtered by vendor Quantumcloud Subscriptions
Filtered by product Wpbot Subscriptions

Search

Switch to Advanced Search (Beta)
Total 24 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-5533 1 Quantumcloud 1 Wpbot 2025-05-12 5.3 Medium
The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions that were intended for higher privileged users.
CVE-2023-5606 1 Quantumcloud 1 Wpbot 2025-05-12 4.4 Medium
The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. NOTE: This vulnerability is a re-introduction of CVE-2023-4253.
CVE-2024-0453 1 Quantumcloud 1 Wpbot 2025-05-12 5 Medium
The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete files from a linked OpenAI account.
CVE-2024-0451 1 Quantumcloud 1 Wpbot 2025-05-12 5 Medium
The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to list files existing in a linked OpenAI account.