AI ChatBot for WordPress – WPBot

Information

Software Type Plugin
Software Slug chatbot (view on wordpress.org)
Software Status Active
Software Author quantumcloud
Software Website wordpress.org
Software Downloads 458,929
Software Active Installs 5,000
Software Record Last Updated July 25, 2024

Showing 1-20 of 27 Vulnerabilities

Title Status CVE ID CVSS Researchers Date
AI ChatBot for WordPress – WPBot <= 5.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Patched CVE-2024-6669 5.5 Artem Polynko (Artem Polynko) July 16, 2024
AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_delete_callback Patched CVE-2024-0453 5.0 Francesco Carlucci May 21, 2024
AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_upload_callback Patched CVE-2024-0452 5.0 Francesco Carlucci May 21, 2024
AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_list_callback Patched CVE-2024-0451 5.0 Francesco Carlucci May 21, 2024
ChatBot <= 5.1.0 - Unauthenticated PHP Object Injection Patched CVE-2024-22309 9.8 Le Ngoc Anh January 19, 2024
ChatBot <= 4.7.8 - Authenticated (Administrator+) SQL Injection Patched CVE-2023-48741 7.2 Mika November 23, 2023
ChatBot 4.8.6 - 4.9.6 - Authenticated (Administrator+) Stored Cross-Site Scripting in FAQ Builder Patched CVE-2023-5606 4.4 Huynh Tien Si November 1, 2023
AI ChatBot <= 4.8.9 - Unauthenticated Sensitive Information Exposure via qcld_wb_chatbot_check_user Patched CVE-2023-5254 5.3 Marco Wotschka October 11, 2023
AI ChatBot <= 4.8.9 and 4.9.2 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Write via qcld_openai_upload_pagetraining_file Patched CVE-2023-5241 9.6 Marco Wotschka October 11, 2023
AI ChatBot <= 4.8.9 and 4.9.2- Authenticated (Subscriber+) Arbitrary File Deletion via qcld_openai_delete_training_file Patched CVE-2023-5212 9.6 Marco Wotschka, Chloe Chamberland October 11, 2023
AI ChatBot <= 4.8.9 - Unauthenticated SQL Injection via qc_wpbo_search_response Patched CVE-2023-5204 9.8 Marco Wotschka October 11, 2023
AI ChatBot <= 4.8.9 and 4.9.2 - Cross-Site Request Forgery on AJAX actions Patched CVE-2023-5534 4.3 Marco Wotschka October 11, 2023
AI ChatBot <= 4.8.9 and 4.9.2 - Missing Authorization on AJAX actions Patched CVE-2023-5533 5.3 Marco Wotschka October 11, 2023
ChatBot <= 4.7.8 - Cross-Site Request Forgery via qc_wp_latest_update_check Patched CVE-2023-44993 5.3 Mika October 3, 2023
ChatBot 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting in Language Settings Patched CVE-2023-4254 4.4 Bob Matyas August 8, 2023
ChatBot <= 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting in FAQ Builder Patched CVE-2023-4253 4.4 Nguyen Hoang Nam August 8, 2023
AI ChatBot <= 4.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Patched CVE-2023-2811 4.4 NGO VAN TU May 25, 2023
AI ChatBot <= 4.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Patched CVE-2023-2742 4.4 Hao Huynh May 22, 2023
AI ChatBot <= 4.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Patched CVE-2023-3175 4.4 NGO VAN TU May 22, 2023
ChatBot <= 4.4.4 - Unauthenticated Stored Cross-Site Scripting via Cross-Site Request Forgery Patched CVE-2023-1011 6.1 Erwan LR April 20, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation