Skip to main content

Woowbot Pro Max

1 CVEs product

Monthly

CVE-2026-57710 CRITICAL Act Now

Arbitrary file upload in the WoowBot Pro Max WordPress plugin (quantumcloud) through version 14.1.7 allows an authenticated attacker to upload files of dangerous types, leading to remote code execution on the underlying WordPress host. The scope-change CVSS 9.9 reflects that a low-privileged account can pivot to full server compromise. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Patchstack has confirmed and cataloged the flaw.

File Upload Woowbot Pro Max
NVD VulDB
CVSS 3.1
9.9
EPSS
0.5%
EPSS 0% CVSS 9.9
CRITICAL Act Now

Arbitrary file upload in the WoowBot Pro Max WordPress plugin (quantumcloud) through version 14.1.7 allows an authenticated attacker to upload files of dangerous types, leading to remote code execution on the underlying WordPress host. The scope-change CVSS 9.9 reflects that a low-privileged account can pivot to full server compromise. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Patchstack has confirmed and cataloged the flaw.

File Upload Woowbot Pro Max
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy