Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-05-12
CVE-2024-6669 - Chatbot Plugin
The AI ChatBot for WordPress – WPBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
PLUGIN
Chatbot
CVE-2024-6669
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-5992 - Chatbot Plugin
The Cliengo – Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_chatbot_token' and 'update_chatbot_position' functions in all versions up to, and including, 3.0.1. This makes it possible for unauthenticated attackers to change chatbot settings, which can lead to unavailability or other changes to the chatbot.
PLUGIN
Chatbot
CVE-2024-5992
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-5993 - Chatbot Plugin
The Cliengo – Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_session' function in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the session token of the chatbot.
PLUGIN
Chatbot
CVE-2024-5993
Risk Score
Threat Entry
Updated 2025-05-12
CVE-2024-0453 - Chatbot Plugin
The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete files from a linked OpenAI account.
PLUGIN
Chatbot
CVE-2024-0453
Risk Score
Threat Entry
Updated 2025-05-12
CVE-2024-0452 - Chatbot Plugin
The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files to a linked OpenAI account.
PLUGIN
Chatbot
CVE-2024-0452
Risk Score
Threat Entry
Updated 2025-05-12
CVE-2024-0451 - Chatbot Plugin
The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to list files existing in a linked OpenAI account.
PLUGIN
Chatbot
CVE-2024-0451
Risk Score
Threat Entry
Updated 2025-06-03
CVE-2023-5691 - Chatbot Plugin
The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
PLUGIN
Chatbot
CVE-2023-5691
Risk Score
Threat Entry
Updated 2025-05-12
CVE-2023-5254 - Chatbot Plugin
The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user function. This can allow unauthenticated attackers to extract sensitive data including confirmation as to whether a user name exists on the site as well as order information for existing users.
PLUGIN
Chatbot
CVE-2023-5254
Risk Score
Threat Entry
Updated 2025-05-12
CVE-2023-5241 - Chatbot Plugin
The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append "
PLUGIN
Chatbot
CVE-2023-5241
Risk Score
Threat Entry
Updated 2025-05-12
CVE-2023-5212 - Chatbot Plugin
The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take over affected sites as well as others sharing the same hosting account. Version 4.9.1 originally addressed the issue, but it was reintroduced in 4.9.2 and fixed again in 4.9.3.
PLUGIN
Chatbot
CVE-2023-5212
Risk Score
Threat Entry
Updated 2025-05-12
CVE-2023-5204 - Chatbot Plugin
The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
PLUGIN
Chatbot
CVE-2023-5204
Risk Score