Vulnerabilities (CVE)

Filtered by vendor Quantumcloud Subscribe
Filtered by product Ai Chatbot
Total 22 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-1660 1 Quantumcloud 1 Ai Chatbot 2024-02-28 N/A 6.1 MEDIUM
The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard
CVE-2023-1649 1 Quantumcloud 1 Ai Chatbot 2024-02-28 N/A 4.8 MEDIUM
The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)