Wpbot
This hub aggregates every CVE we track for Wpbot, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
27
CVEs tracked
4
Critical
2
High
0
In CISA KEV
Severity distribution
MEDIUM20CRITICAL4HIGH2LOW1
Monthly trend
1
0
0
0
0
0
0
0
0
0
1
0
0
0
1
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Wpbot.
- CVE-2025-9111WPBOT < 7.1.0 - Admin+ Stored XSS3.5
- CVE-2025-0329AI ChatBot for WordPress – WPBot < 6.2.4 - Admin+ Stored XSS4.8
- CVE-2024-6669AI ChatBot for WordPress – WPBot <= 5.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting5.5
- CVE-2024-0453AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_delete_callback5.0
- CVE-2024-0452AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_upload_callback5.0
- CVE-2024-0451AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_list_callback5.0
- CVE-2024-22309WordPress ChatBot Plugin <= 5.1.0 is vulnerable to PHP Object Injection8.7
- CVE-2023-48741WordPress ChatBot Plugin <= 4.7.8 is vulnerable to SQL Injection7.6
- CVE-2023-5606The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. This makes it ...4.4
- CVE-2023-5533AI ChatBot <= 4.8.9 and 4.9.2 - Missing Authorization on AJAX actions5.3
- CVE-2023-5534AI ChatBot <= 4.8.9 and 4.9.2 - Cross-Site Request Forgery on AJAX actions4.3
- CVE-2023-5254AI ChatBot <= 4.8.9 - Unauthenticated Sensitive Information Exposure via qcld_wb_chatbot_check_user5.3
- CVE-2023-5212AI ChatBot <= 4.8.9 and 4.9.2- Authenticated (Subscriber+) Arbitrary File Deletion via qcld_openai_delete_training_file9.6
- CVE-2023-5204AI ChatBot <= 4.8.9 - Unauthenticated SQL Injection via qc_wpbo_search_response9.8
- CVE-2023-5241AI ChatBot <= 4.8.9 and 4.9.2 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Write via qcld_openai_upload_pagetraining_file9.6
Product normalization is registry-driven with AI assist and human review. How it works