Skip to main content

Wpbot Pro Wordpress Chatbot

1 CVEs product

Monthly

CVE-2025-60223 HIGH This Week

Arbitrary file deletion in QuantumCloud WPBot Pro WordPress Chatbot plugin versions 13.6.5 and earlier allows authenticated subscriber-level users to delete arbitrary files on the WordPress host via a path traversal flaw. With no public exploit identified at time of analysis, the issue still carries elevated risk because exploitation requires only the lowest-privilege WordPress role, which is auto-grantable on sites that allow open registration. Deleting files such as wp-config.php can trigger the WordPress install routine and lead to full site takeover.

Path Traversal WordPress Wpbot Pro Wordpress Chatbot
NVD
CVSS 3.1
7.7
EPSS
0.4%
EPSS 0% CVSS 7.7
HIGH This Week

Arbitrary file deletion in QuantumCloud WPBot Pro WordPress Chatbot plugin versions 13.6.5 and earlier allows authenticated subscriber-level users to delete arbitrary files on the WordPress host via a path traversal flaw. With no public exploit identified at time of analysis, the issue still carries elevated risk because exploitation requires only the lowest-privilege WordPress role, which is auto-grantable on sites that allow open registration. Deleting files such as wp-config.php can trigger the WordPress install routine and lead to full site takeover.

Path Traversal WordPress Wpbot Pro Wordpress Chatbot
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy