CVE-2023-5241
published 2023-10-19

Priority: P3 49
Severity: high, 8.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS: 2.07% (79.0th percentile)

The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append "<?php" to any existing file on the server resulting in potential DoS when appended to critical files such as wp-config.php.

Affected (2 ranges)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| quantumcloud | wpbot | < 4.9.1 | 4.9.1 |
| quantumcloud | wpbot | | |