CVE-2025-47582 – WordPress WPBot Pro Wordpress Chatbot <= 12.7.0 - PHP Object Injection Vulnerability

https://notcve.org/view.php?id=CVE-2025-47582

14 May 2025 — Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot allows Object Injection.This issue affects WPBot Pro Wordpress Chatbot: from n/a through 12.7.0. The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 12.7.0 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means ... • https://patchstack.com/database/wordpress/plugin/wpbot-pro/vulnerability/wordpress-wpbot-pro-wordpress-chatbot-12-7-0-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •