CVE-2025-9111

Low CVSS: 3.5

The AI ChatBot for WordPress WordPress plugin before 7.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Vendor

Quantumcloud

Product

Wpbot

CWE

CWE-79

Yayın Tarihi

2025-09-09 06:15:35

Güncelleme

2025-11-13 21:15:55

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

CWE-79 Wpbot LOW Quantumcloud 2025

Referanslar

https://wpscan.com/vulnerability/5845bcff-beb8-45c8-b182-3dc9e209008b/

Benzer Kayıtlar

Medium

CVE-2025-0329

The AI ChatBot for WordPress WordPress plugin before 6.2.4 does not sanitise and escape some of its settings, which cou…

Critical

CVE-2024-6809

The Simple Video Directory WordPress plugin before 1.4.3 does not properly sanitise and escape a parameter before using…

Medium

CVE-2024-12879

The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing…