cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12879,https://securityvulnerability.io/vulnerability/CVE-2024-12879,Data Modification Vulnerability in WPBot Pro Chatbot Plugin for WordPress,"The WPBot Pro Chatbot plugin for WordPress is susceptible to unauthorized data modifications due to a missing capability check in the 'qc_wp_latest_update_check_pro' function. This flaw affects all versions up to and including 13.5.5, permitting authenticated attackers with at least Subscriber-level permissions to create arbitrary Simple Text Responses to chat queries, posing a risk of manipulation and misinformation.",Wordpress,WPbot Pro WordPress Chatbot,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,false,false,false,2025-01-22T05:23:04.823Z,0
CVE-2024-13091,https://securityvulnerability.io/vulnerability/CVE-2024-13091,Arbitrary File Upload Vulnerability in WPBot Pro WordPress Chatbot Plugin,"The WPBot Pro WordPress Chatbot plugin is susceptible to an arbitrary file upload vulnerability owing to inadequate file type validation in the 'qcld_wpcfb_file_upload' function. This issue is present in all versions up to and including 13.5.4. Consequently, unauthenticated attackers can exploit this vulnerability to upload arbitrary files onto the server of the affected site. This incident could potentially facilitate remote code execution, posing significant security risks. It is important to note that the exploit requires the presence of the ChatBot Conversational Forms plugin and the Conversational Form Builder Pro addon plugin.",Wordpress,WPbot Pro WordPress Chatbot,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,false,false,false,2025-01-22T00:15:00.000Z,0