The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take over affected sites as well as others sharing the same hosting account. Version 4.9.1 originally addressed the issue, but it was reintroduced in 4.9.2 and fixed again in 4.9.3.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:41
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/175371/WordPress-AI-ChatBot-4.8.9-SQL-Injection-Traversal-File-Deletion.html - Third Party Advisory, VDB Entry | |
References | () https://plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php?rev=2957286#L576 - Product | |
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail= - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/5b3f4ccb-fcc6-42ec-8e9e-03d69ae7acf2?source=cve - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.6 |
22 Dec 2023, 19:03
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/175371/WordPress-AI-ChatBot-4.8.9-SQL-Injection-Traversal-File-Deletion.html - Third Party Advisory, VDB Entry | |
References | (MISC) https://plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php?rev=2957286#L576 - Product |
07 Nov 2023, 04:23
Type | Values Removed | Values Added |
---|---|---|
CWE |
26 Oct 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Oct 2023, 16:39
Type | Values Removed | Values Added |
---|---|---|
First Time |
Quantumcloud ai Chatbot
Quantumcloud |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
CPE | cpe:2.3:a:quantumcloud:ai_chatbot:4.9.2:*:*:*:*:wordpress:*:* cpe:2.3:a:quantumcloud:ai_chatbot:*:*:*:*:*:wordpress:*:* |
|
CWE | CWE-22 | |
References | (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/5b3f4ccb-fcc6-42ec-8e9e-03d69ae7acf2?source=cve - Third Party Advisory | |
References | (MISC) https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail= - Patch | |
References | (MISC) https://plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php?rev=2957286#L576 - Exploit |
23 Oct 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take over affected sites as well as others sharing the same hosting account. Version 4.9.1 originally addressed the issue, but it was reintroduced in 4.9.2 and fixed again in 4.9.3. |
19 Oct 2023, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-19 06:15
Updated : 2024-11-21 08:41
NVD link : CVE-2023-5212
Mitre link : CVE-2023-5212
CVE.ORG link : CVE-2023-5212
JSON object : View
Products Affected
quantumcloud
- ai_chatbot
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')