CVE-2023-5212
AI ChatBot <= 4.8.9 and 4.9.2 - Authenticated (Subscriber+) Arbitrary File Deletion via qcld_openai_delete_training_file
Public Exploits: 0
Exploited in Wild: -
Descriptions
The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take over affected sites as well as others sharing the same hosting account. Version 4.9.1 originally addressed the issue, but it was reintroduced in 4.9.2 and fixed again in 4.9.3.
WordPress AI ChatBot plugin versions 4.8.9 and below suffer from arbitrary file deletion, remote SQL injection, and directory traversal vulnerabilities.
Timeline
- 2023-09-26 CVE Reserved
- 2023-10-11 CVE Published
- 2024-08-02 CVE Updated
- 2024-12-17 EPSS Updated
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Quantumcloud | Ai Chatbot | < 4.9.1 | wordpress | Affected |
Quantumcloud | Ai Chatbot | 4.9.2 | wordpress | Affected |