Filtered by vendor Quantumcloud
Subscriptions
Total
64 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57414 | 2 Quantumcloud, Wordpress | 2 Chatbot For Ecommerce – Woowbot, Wordpress | 2026-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud ChatBot for eCommerce – WoowBot woowbot-woocommerce-chatbot allows Stored XSS.This issue affects ChatBot for eCommerce – WoowBot: from n/a through <= 4.6.1. | ||||
| CVE-2026-57710 | 2 Quantumcloud, Wordpress | 2 Woowbot Pro Max, Wordpress | 2026-07-13 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max woowbot-pro-max allows Using Malicious Files.This issue affects WoowBot Pro Max: from n/a through <= 14.1.7. | ||||
| CVE-2026-57363 | 2 Quantumcloud, Wordpress | 2 Chatbot, Wordpress | 2026-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud ChatBot chatbot allows Stored XSS.This issue affects ChatBot: from n/a through <= 8.3.7. | ||||
| CVE-2026-13731 | 2 Quantumcloud, Wordpress | 2 Wpbot – Ai Chatbot For Live Support, Lead Generation, Ai Services, Wordpress | 2026-07-06 | 7.2 High |
| The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'conversation' parameter in all versions up to, and including, 8.4.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The AJAX nonce required to authenticate the save request is publicly emitted on every frontend page via wp_localize_script, making it freely obtainable by any anonymous visitor and removing any practical barrier to exploitation. | ||||
| CVE-2026-57682 | 2 Quantumcloud, Wordpress | 2 Simple Link Directory, Wordpress | 2026-07-02 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Simple Link Directory <= 15.0.5 versions. | ||||
| CVE-2026-57362 | 2 Quantumcloud, Wordpress | 2 Chatbot, Wordpress | 2026-07-02 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in ChatBot <= 8.3.2 versions. | ||||
| CVE-2025-60223 | 2 Quantumcloud, Wordpress | 2 Wpbot Pro Wordpress Chatbot, Wordpress | 2026-06-20 | 7.7 High |
| Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions. | ||||
| CVE-2024-32729 | 2 Quantumcloud, Wordpress | 2 Conversational Forms For Chatbot, Wordpress | 2026-06-17 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal. This issue affects Conversational Forms for ChatBot: from n/a through 1.1.8. | ||||
| CVE-2026-40788 | 2 Quantumcloud, Wordpress | 2 Chatbot, Wordpress | 2026-06-16 | 7.1 High |
| Subscriber Broken Access Control in ChatBot <= 7.9.7 versions. | ||||
| CVE-2026-53741 | 2 Quantumcloud, Wordpress | 2 Simple Link Directory, Wordpress | 2026-06-11 | 5.4 Medium |
| Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor. | ||||
| CVE-2026-53742 | 2 Quantumcloud, Wordpress | 2 Simple Link Directory, Wordpress | 2026-06-11 | 5.4 Medium |
| Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser. | ||||
| CVE-2026-7209 | 2 Quantumcloud, Wordpress | 2 Simple Link Directory, Wordpress | 2026-05-04 | 6.4 Medium |
| The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `qcopd-directory` shortcode in all versions up to, and including, 8.9.2. This is due to insufficient input sanitization and output escaping on user supplied attributes such as `title_font_size`. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-34380 | 2 Quantumcloud, Wordpress | 2 Conversational Forms For Chatbot, Wordpress | 2026-04-28 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through 1.2.0. | ||||
| CVE-2024-22309 | 1 Quantumcloud | 1 Wpbot | 2026-04-28 | 8.7 High |
| Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.This issue affects ChatBot with AI: from n/a through 5.1.0. | ||||
| CVE-2023-48741 | 1 Quantumcloud | 1 Wpbot | 2026-04-28 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud AI ChatBot.This issue affects AI ChatBot: from n/a through 4.7.8. | ||||
| CVE-2025-67465 | 2 Quantumcloud, Wordpress | 2 Simple Link Directory, Wordpress | 2026-04-27 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Cross Site Request Forgery.This issue affects Simple Link Directory: from n/a through <= 8.8.3. | ||||
| CVE-2025-62952 | 2 Quantumcloud, Wordpress | 2 Chatbot, Wordpress | 2026-04-27 | 4.3 Medium |
| Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 7.7.3. | ||||
| CVE-2025-64277 | 2 Quantumcloud, Wordpress | 2 Chatbot, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 7.3.9. | ||||
| CVE-2026-32499 | 2 Quantumcloud, Wordpress | 2 Chatbot, Wordpress | 2026-04-24 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through <= 7.7.9. | ||||
| CVE-2025-53200 | 2 Quantumcloud, Wordpress | 2 Chatbot, Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 6.7.3. | ||||