Wpbot Pro Wordpress Chatbot
Monthly
Arbitrary file deletion in QuantumCloud WPBot Pro WordPress Chatbot plugin versions 13.6.5 and earlier allows authenticated subscriber-level users to delete arbitrary files on the WordPress host via a path traversal flaw. With no public exploit identified at time of analysis, the issue still carries elevated risk because exploitation requires only the lowest-privilege WordPress role, which is auto-grantable on sites that allow open registration. Deleting files such as wp-config.php can trigger the WordPress install routine and lead to full site takeover.
Arbitrary file deletion in QuantumCloud WPBot Pro WordPress Chatbot plugin versions 13.6.5 and earlier allows authenticated subscriber-level users to delete arbitrary files on the WordPress host via a path traversal flaw. With no public exploit identified at time of analysis, the issue still carries elevated risk because exploitation requires only the lowest-privilege WordPress role, which is auto-grantable on sites that allow open registration. Deleting files such as wp-config.php can trigger the WordPress install routine and lead to full site takeover.