{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T22:31:00.849","vulnerabilities":[{"cve":{"id":"CVE-2023-5241","sourceIdentifier":"security@wordfence.com","published":"2023-10-19T06:15:11.690","lastModified":"2026-04-08T17:17:06.743","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append \"<?php\" to any existing file on the server resulting in potential DoS when appended to critical files such as wp-config.php."},{"lang":"es","value":"AI ChatBot para WordPress es vulnerable a Directory Traversal en versiones hasta 4.8.9 y 4.9.2 incluida a través de la función qcld_openai_upload_pagetraining_file. Esto permite a atacantes a nivel de suscriptor agregar \""}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:quantumcloud:wpbot:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"4.9.1","matchCriteriaId":"FB2F9E00-15D5-41DA-AE9B-8D808A6F6238"},{"vulnerable":true,"criteria":"cpe:2.3:a:quantumcloud:wpbot:4.9.2:*:*:*:*:wordpress:*:*","matchCriteriaId":"722B3265-A837-405D-8813-64634D1E0E24"}]}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php#L376","source":"security@wordfence.com","tags":["Product"]},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=","source":"security@wordfence.com","tags":["Patch"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/25199281-5286-4d75-8d27-26ce215e0993?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/175371/WordPress-AI-ChatBot-4.8.9-SQL-Injection-Traversal-File-Deletion.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php#L376","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/25199281-5286-4d75-8d27-26ce215e0993?source=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}