Approved changes feed: RSS · Atom
cpe:2.3:a:quantumcloud:wpbot:*:*:*:*:free:wordpress:*:*
part: a version: * update: *
| Vendor | Quantumcloud (fc50f2d3-47a6-505c-9932-77dd419877b0) |
|---|---|
| Product | Wpbot (e1db7206-6e55-5b06-b2b7-bbfa8e77bcbe) |
| Edition | * |
| Language | * |
| Software edition | free |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-9111 |
vulnerable | 2026-06-03 15:13:45.473834 |
WPBOT < 7.1.0 - Admin+ Stored XSS
The AI ChatBot for WordPress WordPress plugin before 7.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Published: 2025-09-09T06:00:09.219Z
Updated: 2025-11-13T20:57:08.301Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0329 |
vulnerable | 2026-06-03 14:58:32.060702 |
AI ChatBot for WordPress – WPBot < 6.2.4 - Admin+ Stored XSS
The AI ChatBot for WordPress WordPress plugin before 6.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Published: 2025-05-15T20:07:24.900Z
Updated: 2025-05-20T19:12:24.053Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0453 |
vulnerable | 2026-06-03 14:54:02.788965 |
AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_delete_callback
MEDIUM (5)
The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete files from a linked OpenAI account.
Published: 2024-05-22T03:17:49.652Z
Updated: 2026-04-08T17:03:01.546Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0452 |
vulnerable | 2026-06-03 14:54:02.788600 |
AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_upload_callback
MEDIUM (5)
The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files to a linked OpenAI account.
Published: 2024-05-22T03:17:49.191Z
Updated: 2026-04-08T16:45:49.053Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0451 |
vulnerable | 2026-06-03 14:54:02.788111 |
AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_list_callback
MEDIUM (5)
The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to list files existing in a linked OpenAI account.
Published: 2024-05-22T03:17:48.588Z
Updated: 2026-04-08T16:38:24.525Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.