Skip to main content

Chatbot

6 CVEs product

Monthly

CVE-2026-57363 HIGH This Week

Stored cross-site scripting in the QuantumCloud ChatBot WordPress plugin (versions through 8.3.7) lets an attacker persist malicious script that executes in another user's browser when the affected page is viewed. The CVSS 3.1 vector (AV:N/PR:N/UI:R/S:C) indicates a network-reachable, unauthenticated injection point that requires a victim to load the poisoned content and crosses a privilege boundary into the rendering context. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

XSS Chatbot
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2026-57362 HIGH This Week

Reflected cross-site scripting in the QuantumCloud ChatBot WordPress plugin (versions 8.3.2 and earlier) lets unauthenticated remote attackers inject malicious script that executes in a victim's browser when they follow a crafted link. The CVSS 3.1 score is 7.1 with a scope change (S:C), reflecting that injected script runs in the security context of the WordPress site rather than the vulnerable component alone. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

XSS Chatbot
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-40788 HIGH This Week

Broken access control in the QuantumCloud ChatBot plugin for WordPress (versions <= 7.9.7) allows authenticated low-privileged users (Subscriber role) to invoke restricted plugin functionality without proper authorization checks, leading to integrity tampering and availability disruption. Reported by Patchstack and tracked as EUVD-2026-36991, with no public exploit identified at time of analysis.

Authentication Bypass Chatbot
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2026-32499 CRITICAL Act Now

A blind SQL injection vulnerability exists in QuantumCloud ChatBot plugin affecting versions up to and including 7.7.9, allowing attackers to execute arbitrary SQL commands through improper neutralization of special elements in SQL queries. The vulnerability impacts all installations of the ChatBot plugin across the affected version range, potentially enabling unauthorized data extraction, manipulation, or deletion depending on database permissions. While no CVSS score or EPSS data is currently available, the blind SQL injection classification indicates a high-risk condition requiring immediate patching.

SQLi Chatbot
NVD VulDB
CVSS 3.1
9.3
EPSS
0.0%
CVE-2023-5691 MEDIUM PATCH This Month

The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.9 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Chatbot
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-24415 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.2.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Chatbot
NVD
CVSS 3.1
8.8
EPSS
0.3%
EPSS 0% CVSS 7.1
HIGH This Week

Stored cross-site scripting in the QuantumCloud ChatBot WordPress plugin (versions through 8.3.7) lets an attacker persist malicious script that executes in another user's browser when the affected page is viewed. The CVSS 3.1 vector (AV:N/PR:N/UI:R/S:C) indicates a network-reachable, unauthenticated injection point that requires a victim to load the poisoned content and crosses a privilege boundary into the rendering context. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

XSS Chatbot
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Reflected cross-site scripting in the QuantumCloud ChatBot WordPress plugin (versions 8.3.2 and earlier) lets unauthenticated remote attackers inject malicious script that executes in a victim's browser when they follow a crafted link. The CVSS 3.1 score is 7.1 with a scope change (S:C), reflecting that injected script runs in the security context of the WordPress site rather than the vulnerable component alone. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

XSS Chatbot
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Broken access control in the QuantumCloud ChatBot plugin for WordPress (versions <= 7.9.7) allows authenticated low-privileged users (Subscriber role) to invoke restricted plugin functionality without proper authorization checks, leading to integrity tampering and availability disruption. Reported by Patchstack and tracked as EUVD-2026-36991, with no public exploit identified at time of analysis.

Authentication Bypass Chatbot
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

A blind SQL injection vulnerability exists in QuantumCloud ChatBot plugin affecting versions up to and including 7.7.9, allowing attackers to execute arbitrary SQL commands through improper neutralization of special elements in SQL queries. The vulnerability impacts all installations of the ChatBot plugin across the affected version range, potentially enabling unauthorized data extraction, manipulation, or deletion depending on database permissions. While no CVSS score or EPSS data is currently available, the blind SQL injection classification indicates a high-risk condition requiring immediate patching.

SQLi Chatbot
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.9 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Chatbot
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.2.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Chatbot
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy