AI ChatBot for WordPress – WPBot

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   AI ChatBot for WordPress – WPBot

Information

Software Type Plugin
Software Slug chatbot (view on wordpress.org)
Software Status Active
Software Author quantumcloud
Software Website wordpress.org
Software Downloads 459,502
Software Active Installs 5,000
Software Record Last Updated July 27, 2024

Showing 1-20 of 27 Vulnerabilities

AI ChatBot for WordPress – WPBot <= 5.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
5.5
CVE-2024-6669
Jul 16, 2024
Researcher: Artem Polynko (Artem Polynko)
AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_delete_callback
5.0
CVE-2024-0453
May 21, 2024
Researcher: Francesco Carlucci
AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_upload_callback
5.0
CVE-2024-0452
May 21, 2024
Researcher: Francesco Carlucci
AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_list_callback
5.0
CVE-2024-0451
May 21, 2024
Researcher: Francesco Carlucci
ChatBot <= 5.1.0 - Unauthenticated PHP Object Injection
9.8
CVE-2024-22309
Jan 19, 2024
Researcher: Le Ngoc Anh
ChatBot <= 4.7.8 - Authenticated (Administrator+) SQL Injection
7.2
CVE-2023-48741
Nov 23, 2023
Researcher: Mika
ChatBot 4.8.6 - 4.9.6 - Authenticated (Administrator+) Stored Cross-Site Scripting in FAQ Builder
4.4
CVE-2023-5606
Nov 1, 2023
Researcher: Huynh Tien Si
AI ChatBot <= 4.8.9 - Unauthenticated Sensitive Information Exposure via qcld_wb_chatbot_check_user
5.3
CVE-2023-5254
Oct 11, 2023
Researcher: Marco Wotschka
AI ChatBot <= 4.8.9 and 4.9.2 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Write via qcld_openai_upload_pagetraining_file
9.6
CVE-2023-5241
Oct 11, 2023
Researcher: Marco Wotschka
AI ChatBot <= 4.8.9 and 4.9.2- Authenticated (Subscriber+) Arbitrary File Deletion via qcld_openai_delete_training_file
9.6
CVE-2023-5212
Oct 11, 2023
Researchers: Marco Wotschka, Chloe Chamberland
AI ChatBot <= 4.8.9 - Unauthenticated SQL Injection via qc_wpbo_search_response
9.8
CVE-2023-5204
Oct 11, 2023
Researcher: Marco Wotschka
AI ChatBot <= 4.8.9 and 4.9.2 - Cross-Site Request Forgery on AJAX actions
4.3
CVE-2023-5534
Oct 11, 2023
Researcher: Marco Wotschka
AI ChatBot <= 4.8.9 and 4.9.2 - Missing Authorization on AJAX actions
5.3
CVE-2023-5533
Oct 11, 2023
Researcher: Marco Wotschka
ChatBot <= 4.7.8 - Cross-Site Request Forgery via qc_wp_latest_update_check
5.3
CVE-2023-44993
Oct 3, 2023
Researcher: Mika
ChatBot 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting in Language Settings
4.4
CVE-2023-4254
Aug 8, 2023
Researcher: Bob Matyas
ChatBot <= 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting in FAQ Builder
4.4
CVE-2023-4253
Aug 8, 2023
Researcher: Nguyen Hoang Nam
AI ChatBot <= 4.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-2811
May 25, 2023
Researcher: NGO VAN TU
AI ChatBot <= 4.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-2742
May 22, 2023
Researcher: Hao Huynh
AI ChatBot <= 4.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-3175
May 22, 2023
Researcher: NGO VAN TU
ChatBot <= 4.4.4 - Unauthenticated Stored Cross-Site Scripting via Cross-Site Request Forgery
6.1
CVE-2023-1011
Apr 20, 2023
Researcher: Erwan LR
Title Status CVE ID CVSS Researchers Date
AI ChatBot for WordPress – WPBot <= 5.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Patched CVE-2024-6669 5.5 Artem Polynko (Artem Polynko) July 16, 2024
AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_delete_callback Patched CVE-2024-0453 5.0 Francesco Carlucci May 21, 2024
AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_upload_callback Patched CVE-2024-0452 5.0 Francesco Carlucci May 21, 2024
AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_list_callback Patched CVE-2024-0451 5.0 Francesco Carlucci May 21, 2024
ChatBot <= 5.1.0 - Unauthenticated PHP Object Injection Patched CVE-2024-22309 9.8 Le Ngoc Anh January 19, 2024
ChatBot <= 4.7.8 - Authenticated (Administrator+) SQL Injection Patched CVE-2023-48741 7.2 Mika November 23, 2023
ChatBot 4.8.6 - 4.9.6 - Authenticated (Administrator+) Stored Cross-Site Scripting in FAQ Builder Patched CVE-2023-5606 4.4 Huynh Tien Si November 1, 2023
AI ChatBot <= 4.8.9 - Unauthenticated Sensitive Information Exposure via qcld_wb_chatbot_check_user Patched CVE-2023-5254 5.3 Marco Wotschka October 11, 2023
AI ChatBot <= 4.8.9 and 4.9.2 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Write via qcld_openai_upload_pagetraining_file Patched CVE-2023-5241 9.6 Marco Wotschka October 11, 2023
AI ChatBot <= 4.8.9 and 4.9.2- Authenticated (Subscriber+) Arbitrary File Deletion via qcld_openai_delete_training_file Patched CVE-2023-5212 9.6 Marco Wotschka, Chloe Chamberland October 11, 2023
AI ChatBot <= 4.8.9 - Unauthenticated SQL Injection via qc_wpbo_search_response Patched CVE-2023-5204 9.8 Marco Wotschka October 11, 2023
AI ChatBot <= 4.8.9 and 4.9.2 - Cross-Site Request Forgery on AJAX actions Patched CVE-2023-5534 4.3 Marco Wotschka October 11, 2023
AI ChatBot <= 4.8.9 and 4.9.2 - Missing Authorization on AJAX actions Patched CVE-2023-5533 5.3 Marco Wotschka October 11, 2023
ChatBot <= 4.7.8 - Cross-Site Request Forgery via qc_wp_latest_update_check Patched CVE-2023-44993 5.3 Mika October 3, 2023
ChatBot 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting in Language Settings Patched CVE-2023-4254 4.4 Bob Matyas August 8, 2023
ChatBot <= 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting in FAQ Builder Patched CVE-2023-4253 4.4 Nguyen Hoang Nam August 8, 2023
AI ChatBot <= 4.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Patched CVE-2023-2811 4.4 NGO VAN TU May 25, 2023
AI ChatBot <= 4.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Patched CVE-2023-2742 4.4 Hao Huynh May 22, 2023
AI ChatBot <= 4.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Patched CVE-2023-3175 4.4 NGO VAN TU May 22, 2023
ChatBot <= 4.4.4 - Unauthenticated Stored Cross-Site Scripting via Cross-Site Request Forgery Patched CVE-2023-1011 6.1 Erwan LR April 20, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation