Quantumcloud Wpbot
27 CVEs affecting Quantumcloud Wpbot. Latest disclosed: 2025-09-09. Critical: 4, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-5204 | Critical | 9.8 | 2023-10-19 | The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping o… |
CVE-2023-1650 | Critical | 9.8 | 2023-05-08 | The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them… |
CVE-2023-5241 | Critical | 9.6 | 2023-10-19 | The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetrain… |
CVE-2023-5212 | Critical | 9.6 | 2023-10-19 | The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it po… |
CVE-2024-22309 | High | 8.7 | 2024-01-24 | Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.This issue affects ChatBot with AI: from n/a through 5.1.0. |
CVE-2023-48741 | High | 7.6 | 2023-12-19 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud AI ChatBot.This issue affects AI ChatBot: fr… |
CVE-2023-1660 | Medium | 6.1 | 2023-05-08 | The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some s… |
CVE-2023-1011 | Medium | 6.1 | 2023-05-08 | The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF… |
CVE-2022-47613 | Medium | 5.9 | 2023-03-29 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud AI ChatBot plugin <= 4.3.0 versions. |
CVE-2024-6669 | Medium | 5.5 | 2024-07-17 | The AI ChatBot for WordPress – WPBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including… |
CVE-2023-1651 | Medium | 5.4 | 2023-05-08 | The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any au… |
CVE-2023-5533 | Medium | 5.3 | 2023-10-20 | The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versio… |
CVE-2023-5254 | Medium | 5.3 | 2023-10-19 | The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user fun… |
CVE-2024-0453 | Medium | 5.0 | 2024-05-22 | The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback fun… |
CVE-2024-0452 | Medium | 5.0 | 2024-05-22 | The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback fun… |
CVE-2024-0451 | Medium | 5.0 | 2024-05-22 | The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in… |
CVE-2025-0329 | Medium | 4.8 | 2025-05-15 | The AI ChatBot for WordPress WordPress plugin before 6.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as a… |
CVE-2023-4254 | Medium | 4.8 | 2023-09-04 | The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform… |
CVE-2023-4253 | Medium | 4.8 | 2023-09-04 | The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform… |
CVE-2023-3175 | Medium | 4.8 | 2023-07-10 | The AI ChatBot WordPress plugin before 4.6.1 does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Script… |