cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2025-24666,https://securityvulnerability.io/vulnerability/CVE-2025-24666,Cross-Site Scripting Vulnerability in ThemeIsle AI Chatbot for WordPress - Hyve Lite,"The AI Chatbot for WordPress - Hyve Lite has a vulnerability that permits attackers to conduct cross-site scripting (XSS) attacks due to improper neutralization of user input during web page generation. This flaw allows malicious scripts to be executed within the affected application, potentially compromising user data and site security. Users are advised to update their plugins to the latest version and implement additional security measures to mitigate the risks associated with this vulnerability.",Wordpress,Ai Chatbot For WordPress – Hyve Lite,5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,false,false,false,2025-01-24T17:24:50.523Z,0
CVE-2024-7714,https://securityvulnerability.io/vulnerability/CVE-2024-7714,Unauthorized Access to ChatGPT and Content Generator Plugin,"The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin prior to version 2.1.0 has significant access control deficiencies. An unauthenticated user can exploit these weaknesses to perform various actions, including disconnecting the plugin from the OpenAI service. This can result in the disruption of the AI functionality and may allow unauthorized users to manipulate connection and feedback processes, such as 'ays_chatgpt_disconnect', 'ays_chatgpt_connect', and 'ays_chatgpt_save_feedback'.",Wordpress,Ai Chatbot With Chatgpt And Content Generator By Ays,7.5,HIGH,0.004089999943971634,false,,false,false,true,true,false,false,2024-09-27T06:00:06.287Z,0
CVE-2024-7713,https://securityvulnerability.io/vulnerability/CVE-2024-7713,AI ChatBot Vulnerability Unveils Open AI API Key to Unauthorized Users,"The AYS WordPress Plugin, utilized for integrating AI ChatBot and content generation functionality, contains a vulnerability that results in the exposure of the Open AI API Key. This flaw impacts versions prior to 2.1.0, enabling unauthorized users to access sensitive API credentials without authentication. The disclosed API Key can potentially be exploited to compromise security, leading to unauthorized actions on systems utilizing the affected plugin. Users are advised to update to the latest version to mitigate the risks associated with this vulnerability.",Wordpress,Ai Chatbot With Chatgpt And Content Generator By Ays,7.5,HIGH,0.0008699999889358878,false,,false,false,true,true,false,false,2024-09-27T06:00:05.128Z,0
CVE-2024-6722,https://securityvulnerability.io/vulnerability/CVE-2024-6722,Chatbot Open to Stored Cross-Site Scripting Attacks,"The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,"Chatbot Support Ai: Free Chatgpt Chatbot, WooCommerce Chatbot",4.8,MEDIUM,0.00044999999227002263,false,,false,false,true,true,false,false,2024-09-04T06:00:03.453Z,0
CVE-2024-5969,https://securityvulnerability.io/vulnerability/CVE-2024-5969,Unauthenticated Email Sending Vulnerability in AIOometric's Automatic AI Content Writer for WordPress,"The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomatic_send_email' function which are reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient.",Wordpress,"Aiomatic - Automatic Ai Content Writer & Editor, Gpt-3 & Gpt-4, Chatgpt Chatbot & Ai Toolkit",5.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-07-27T07:33:46.658Z,0
CVE-2024-6669,https://securityvulnerability.io/vulnerability/CVE-2024-6669,Stored XSS Vulnerability in WPBot AI ChatBot for WordPress,"The AI ChatBot for WordPress – WPBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",Wordpress,Ai Chatbot,4.8,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-07-17T07:15:00.000Z,0
CVE-2024-0453,https://securityvulnerability.io/vulnerability/CVE-2024-0453,Unauthorized Modification of Data Vulnerability in AI ChatBot Plugin for WordPress,"The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete files from a linked OpenAI account.",Wordpress,Ai Chatbot For WordPress – WPbot,5,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-22T03:17:49.652Z,0
CVE-2024-0452,https://securityvulnerability.io/vulnerability/CVE-2024-0452,Unauthorized Data Modification Vulnerability in AI ChatBot Plugin for WordPress,"The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files to a linked OpenAI account.",Wordpress,Ai Chatbot For WordPress – WPbot,5,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-22T03:17:49.191Z,0
CVE-2024-0451,https://securityvulnerability.io/vulnerability/CVE-2024-0451,Unauthorized Access to Data in AI ChatBot Plugin for WordPress Due to Missing Capability Check,"The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to list files existing in a linked OpenAI account.",Wordpress,Ai Chatbot For WordPress – WPbot,5,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-22T03:17:48.588Z,0
CVE-2024-0699,https://securityvulnerability.io/vulnerability/CVE-2024-0699,Arbitrary File Upload Vulnerability in AI Engine: Chatbots Plugin for WordPress,"The AI Engine: Chatbots, Generators, Assistants, GPT 4 plugin for WordPress suffers from a vulnerability due to inadequate file type validation in the 'add_image_from_url' function. This affects all versions up to and including 2.1.4, allowing authenticated users with Editor access or higher to upload arbitrary files to the server. This unauthorized file upload could lead to significant security risks, including the possibility of remote code execution, compromising the integrity and availability of the affected website.",Wordpress,"AI Engine: Chatbots, Generators, Assistants, GPT 4 and more!",7.2,HIGH,0.0012600000482052565,false,,false,false,false,,false,false,2024-02-05T21:21:32.230Z,0
CVE-2023-5606,https://securityvulnerability.io/vulnerability/CVE-2023-5606,Stored Cross-Site Scripting Vulnerability in ChatBot for WordPress,"The ChatBot for WordPress poses a stored cross-site scripting risk, allowing authenticated users with administrator-level permissions to inject malicious scripts via the FAQ Builder. The vulnerability arises due to inadequate input sanitization and output escaping, affecting only multi-site installations and those where unfiltered_html is disabled. This flaw can lead to arbitrary scripts being executed when users access compromised pages, creating significant security implications for affected sites. It is important to address this vulnerability to ensure the integrity and security of your WordPress site.",Wordpress,AI ChatBot,4.8,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2023-11-02T09:15:00.000Z,0
CVE-2023-5533,https://securityvulnerability.io/vulnerability/CVE-2023-5533,Unauthorized AJAX Action Vulnerability in AI ChatBot Plugin for WordPress,"The AI ChatBot plugin for WordPress contains a vulnerability due to the absence of necessary capability checks on AJAX actions. This flaw affects versions up to and including 4.8.9 and 4.9.2, allowing unauthenticated attackers to exploit these actions intended for authenticated users with higher privileges. As a result, they can carry out unauthorized actions that could compromise the integrity of the site.",Wordpress,AI ChatBot,9.8,CRITICAL,0.0015899999998509884,false,,false,false,false,,false,false,2023-10-20T08:15:00.000Z,0
CVE-2023-5534,https://securityvulnerability.io/vulnerability/CVE-2023-5534,Cross-Site Request Forgery Vulnerability in AI ChatBot Plugin for WordPress,"The AI ChatBot plugin for WordPress is susceptible to Cross-Site Request Forgery due to improper nonce validation in versions 4.8.9 and 4.9.2. This vulnerability allows unauthenticated attackers to execute malicious requests by tricking a site administrator into clicking a crafted link, potentially compromising site integrity. It is essential for users to update to the latest version to mitigate this security risk.",Wordpress,AI ChatBot,5.4,MEDIUM,0.0005099999834783375,false,,false,false,false,,false,false,2023-10-20T08:15:00.000Z,0
CVE-2023-5204,https://securityvulnerability.io/vulnerability/CVE-2023-5204,SQL Injection Vulnerability in ChatBot Plugin for WordPress,"The ChatBot plugin for WordPress contains a security flaw that allows unauthenticated attackers to exploit the $strid parameter, leading to SQL Injection attacks. Due to insufficient validation on user-provided inputs and a lack of proper preparation within the SQL queries, attackers can inject malicious SQL statements. This vulnerability can enable malicious actors to retrieve sensitive data from the database, thereby compromising the security of WordPress sites that utilize this plugin. It is crucial for users to assess their usage of this plugin and update to the latest version to mitigate this risk.",Wordpress,AI ChatBot,7.5,HIGH,0.006579999811947346,false,,false,false,true,true,false,false,2023-10-19T06:15:00.000Z,0
CVE-2023-5241,https://securityvulnerability.io/vulnerability/CVE-2023-5241,Directory Traversal Vulnerability in AI ChatBot for WordPress by WordPress,"The AI ChatBot for WordPress has a Directory Traversal vulnerability that allows subscriber-level attackers to manipulate files on the server. By exploiting the qcld_openai_upload_pagetraining_file function, attackers can append malicious PHP code, such as '