Quantumcloud Wpbot

27 CVEs affecting Quantumcloud Wpbot. Latest disclosed: 2025-09-09. Critical: 4, High: 2.

Top CVEs affecting Quantumcloud Wpbot
CVESeverityScorePublishedSummary
CVE-2023-5204Critical9.82023-10-19The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping o…
CVE-2023-1650Critical9.82023-05-08The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them…
CVE-2023-5241Critical9.62023-10-19The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetrain…
CVE-2023-5212Critical9.62023-10-19The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it po…
CVE-2024-22309High8.72024-01-24Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.This issue affects ChatBot with AI: from n/a through 5.1.0.
CVE-2023-48741High7.62023-12-19Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud AI ChatBot.This issue affects AI ChatBot: fr…
CVE-2023-1660Medium6.12023-05-08The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some s…
CVE-2023-1011Medium6.12023-05-08The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF…
CVE-2022-47613Medium5.92023-03-29Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud AI ChatBot plugin <= 4.3.0 versions.
CVE-2024-6669Medium5.52024-07-17The AI ChatBot for WordPress – WPBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including…
CVE-2023-1651Medium5.42023-05-08The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any au…
CVE-2023-5533Medium5.32023-10-20The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versio…
CVE-2023-5254Medium5.32023-10-19The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user fun…
CVE-2024-0453Medium5.02024-05-22The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback fun…
CVE-2024-0452Medium5.02024-05-22The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback fun…
CVE-2024-0451Medium5.02024-05-22The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in…
CVE-2025-0329Medium4.82025-05-15The AI ChatBot for WordPress WordPress plugin before 6.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as a…
CVE-2023-4254Medium4.82023-09-04The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2023-4253Medium4.82023-09-04The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2023-3175Medium4.82023-07-10The AI ChatBot WordPress plugin before 4.6.1 does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Script…